Re: [PATCH] i386 ptrace patch needed for user-mode port

Nate Eldredge (neldredge@hmc.edu)
Mon, 27 Sep 1999 19:37:21 -0700


David Weinehall wrote:

> > > Has anybody looked closely at possible security implications? I.e., switch
> > > system call numbers so "read" becomes "write" (or "exec") and run a
> > > program...
> >
> > You need permission to trace the process (you must be its owner or
> > root). And if you have that you can do POKE_DATA and any number of
> > other exciting things. So I don't think this adds any security issues.
>
> Hmmm, but how does it works in a capability system? I don't know
> capabilities, but presumably you can have TRACE-permissions without having
> MEM_WRITE permissions.

Well, have a look at sys_ptrace in arch/i386/kernel/ptrace.c et al.
Permission checks are only done once, at PTRACE_ATTACH time, and so they
apply to all forms of tracing/patching/debugging. So if it's broken, it
was broken already.

[PS. Sorry if the threading is all wrong; I'm reading linux-kernel via
web archives and copy-pasting.]

-- 

Nate Eldredge neldredge@hmc.edu

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/