Re: As 2.0 looms
Miquel van Smoorenburg (miquels@drinkel.ow.org)
Wed, 22 May 1996 20:36:54 +0200 (MET DST)
In article <m0uHYnS-0005FhC@lightning.swansea.linux.org.uk>,
Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
>> Nope, there is no window, because the read() actually checks the same
>> things that "ptrace" checks. Notably, in order to be able to read the
>> process memory map, we must have the PF_PTRACED bit set, and then a suid
>> execve wouldn't succeed anyway.
>
>It depends when the read tests; we could start the read, have PF_TRACED turn off,
>and then exec a setuid program. If the read tests per byte we should be ok.
How, Alan? The only process that can turn off the trace bit
_is_ the process doing the reading/mmapping...
Mike.
--
+ Miquel van Smoorenburg + Cistron Internet Services + Living is a |
| miquels@cistron.nl (SP6) | Independent Dutch ISP | horizontal |
+ miquels@drinkel.ow.org + http://www.cistron.nl/ + fall +
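
The check-timing question raised in the quoted text, as an added user-space model (not part of this message and not kernel code): it compares testing the trace bit once on entry to the read with re-testing it before every byte. The struct, the function names, the flag value and the mid-read interleaving are all constructed for illustration; whether that interleaving can happen at all is exactly what the thread disputes.

```c
#include <stdio.h>
#include <string.h>

#define PF_PTRACED 0x10   /* flag name from the thread; value arbitrary in this model */
struct task { unsigned flags; int is_suid; char mem[16]; };

/* As stated in the thread: a suid exec does not go through while the task is traced. */
static int exec_suid(struct task *t, const char *image)
{
    if (t->flags & PF_PTRACED)
        return -1;
    t->is_suid = 1;
    strncpy(t->mem, image, sizeof t->mem - 1);   /* new image replaces old memory */
    return 0;
}

/* Copy up to n (<= 16) bytes of t->mem. The trace bit is always tested on entry;
 * with per_byte set it is re-tested before every byte. race_at is the constructed
 * interleaving: after that many bytes the bit is cleared and a setuid image is exec'd. */
static size_t mem_read(struct task *t, char *buf, size_t n, int per_byte, size_t race_at)
{
    size_t i;
    if (!(t->flags & PF_PTRACED))
        return 0;
    for (i = 0; i < n; i++) {
        if (i == race_at) {
            t->flags &= ~PF_PTRACED;
            exec_suid(t, "SSSSSSSSSSSSSSS");
        }
        if (per_byte && !(t->flags & PF_PTRACED))
            break;                               /* stop before touching the suid image */
        buf[i] = t->mem[i];
    }
    return i;
}

/* One 8-byte read with the state change after byte 4; out receives what was copied. */
static size_t demo(int per_byte, char out[9])
{
    struct task t = { PF_PTRACED, 0, "AAAAAAAAAAAAAAA" };
    memset(out, 0, 9);
    return mem_read(&t, out, 8, per_byte, 4);
}

int main(void)
{
    char a[9], b[9];
    size_t na = demo(0, a), nb = demo(1, b);
    printf("entry check only: %zu \"%s\"\nper-byte check:   %zu \"%s\"\n", na, a, nb, b);
}
```

In this model, 'A' bytes belong to the traced image and 'S' bytes to the setuid image, so any 'S' in the output is data read after the privilege change.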