From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 6 Dec 2001 01:53:12 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 6 Dec 2001 01:53:02 -0500 Received: from [24.112.107.70] ([24.112.107.70]:21495 "EHLO jolt.dmgware.ca") by vger.kernel.org with ESMTP id ; Thu, 6 Dec 2001 01:52:42 -0500 Date: Thu, 6 Dec 2001 01:52:53 -0500 From: Damian M Gryski To: Linux Kernel List Subject: Re: 2.4.16 + strace 4.4 + setuid programs Message-ID: <20011206065253.GA1295@dmgware.dhs.org> Reply-To: Damian M Gryski Mail-Followup-To: Linux Kernel List In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.24i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 06 Dec 2001, Keith Warno wrote: > Hmm. Is strace supposed to be capable of tracing setuid programs (ie, > su) when executed by mortal users? I always thought this was a big > no-no. Seems to me it drops permissions instead of not allowing the trace. --- 8< --- cut here --- 8< --- dmg@jolt:[pts/4]:~$ cat euid.c #include #include #include int main() { printf("euid=%d\n", geteuid()); } dmg@jolt:[pts/4]:~$ ls -l ./euid -rwsr-sr-x 1 root root 5039 Dec 6 01:46 ./euid dmg@jolt:[pts/4]:~$ ./euid euid=0 dmg@jolt:[pts/4]:~$ strace -o /dev/null ./euid euid=1000 dmg@jolt:[pts/4]:~$ --- 8< --- cut here --- 8< --- Damian -- Damian Gryski ==> dgryski@uwaterloo.ca | Linux, the choice of a GNU generation 512 pt Hacker Test score = 37% | 500 pt Nerd Test score = 56% geek / linux zealot / coder / juggler