* Re: 2.4.16 + strace 4.4 + setuid programs
[not found] <Pine.LNX.4.40.0112060104140.32509-100000@behemoth.hobitch.com>
@ 2001-12-06 6:52 ` Damian M Gryski
2001-12-06 15:56 ` Jason Kohles
1 sibling, 0 replies; 3+ messages in thread
From: Damian M Gryski @ 2001-12-06 6:52 UTC (permalink / raw)
To: Linux Kernel List
On Thu, 06 Dec 2001, Keith Warno wrote:
> Hmm. Is strace supposed to be capable of tracing setuid programs (ie,
> su) when executed by mortal users? I always thought this was a big
> no-no.
Seems to me it drops permissions instead of not allowing the trace.
--- 8< --- cut here --- 8< ---
dmg@jolt:[pts/4]:~$ cat euid.c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
int main() { printf("euid=%d\n", geteuid()); }
dmg@jolt:[pts/4]:~$ ls -l ./euid
-rwsr-sr-x 1 root root 5039 Dec 6 01:46 ./euid
dmg@jolt:[pts/4]:~$ ./euid
euid=0
dmg@jolt:[pts/4]:~$ strace -o /dev/null ./euid
euid=1000
dmg@jolt:[pts/4]:~$
--- 8< --- cut here --- 8< ---
Damian
--
Damian Gryski ==> dgryski@uwaterloo.ca | Linux, the choice of a GNU generation
512 pt Hacker Test score = 37% | 500 pt Nerd Test score = 56%
geek / linux zealot / coder / juggler
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: 2.4.16 + strace 4.4 + setuid programs
[not found] <Pine.LNX.4.40.0112060104140.32509-100000@behemoth.hobitch.com>
2001-12-06 6:52 ` 2.4.16 + strace 4.4 + setuid programs Damian M Gryski
@ 2001-12-06 15:56 ` Jason Kohles
1 sibling, 0 replies; 3+ messages in thread
From: Jason Kohles @ 2001-12-06 15:56 UTC (permalink / raw)
To: Keith Warno; +Cc: Linux Kernel List
On Thu, Dec 06, 2001 at 01:09:02AM -0500, Keith Warno wrote:
> Hmm. Is strace supposed to be capable of tracing setuid programs (ie,
> su) when executed by mortal users? I always thought this was a big
> no-no.
>
You can trace them, but strace will ignore the setuid bit on the process,
for example if you strace su, you will see a lot of permission denied, as
it won't actually run as root, and won't be able to open things like
/etc/shadow or /proc/self/fd/0. If you want to strace setuid things and
have the setuid bit honored, you have to run strace as root with the -u
option.
--
Jason Kohles jkohles@redhat.com
Senior System Architect (703)786-8036 (cellular)
Red Hat Professional Consulting (703)456-2940 (office)
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: 2.4.16 + strace 4.4 + setuid programs
@ 2001-12-06 17:25 Manfred Spraul
0 siblings, 0 replies; 3+ messages in thread
From: Manfred Spraul @ 2001-12-06 17:25 UTC (permalink / raw)
To: Jason Kohles; +Cc: linux-kernel
> If you want to strace setuid things and
> have the setuid bit honored, you have to run strace as root with the -u
> option.
No, even that's not possible anymore.
setuid is now always ignored if a process is ptraced, even if root
is ptracing - that's the fix for the latest ptrace root exploit
(2.4.1x).
--
Manfred
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-12-06 17:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <Pine.LNX.4.40.0112060104140.32509-100000@behemoth.hobitch.com>
2001-12-06 6:52 ` 2.4.16 + strace 4.4 + setuid programs Damian M Gryski
2001-12-06 15:56 ` Jason Kohles
2001-12-06 17:25 Manfred Spraul
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.