From: Solar Designer <solar@openwall.com>
To: Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
Cc: Alan Cox <alan@redhat.com>,
Marcelo Tosatti <marcelo.tosatti@cyclades.com>,
linux-kernel@vger.kernel.org
Subject: Re: question about /proc/<PID>/mem in 2.4 (fwd)
Date: Sun, 18 Jul 2004 16:59:25 +0400 [thread overview]
Message-ID: <20040718125925.GA20133@openwall.com> (raw)
In-Reply-To: <Pine.LNX.4.44.0407181336040.2374-100000@einstein.homenet>
On Sun, Jul 18, 2004 at 01:41:34PM +0100, Tigran Aivazian wrote:
> > | setuidapp < /proc/self/mem
[...]
> In the above example there is nothing forbidden and the current state of
> things doesn't prevent the program from reading it's own address space.
>
> Thus I see absolutely nothing special about the case:
>
> # setuidapp < /proc/self/mem
>
> and this program reading stdin.
The problem is the program does not know its stdin corresponds to a
process' address space and it does not know it is making use of a
privilege to read it. A correctly written SUID root program may
reasonably assume that the data it obtains from stdin is whatever the
unprivileged user has provided, -- and, for example, display such data
back to the user (as a part of an error message or so). If we permit
reads from /proc/<pid>/mem based on credentials of the read(2)-calling
process only, this assumption would be violated resulting in security
holes.
Oh, by the way, I've just noticed that the above example is not
entirely correct. In order to read setuidapp's own address space
(after the kernel has been patched according to your proposal), it
should have been:
$ exec setuidapp < /proc/self/mem
--
Alexander Peslyak <solar@openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
next prev parent reply other threads:[~2004-07-18 13:01 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-07 13:28 question about /proc/<PID>/mem in 2.4 (fwd) Tigran Aivazian
2004-07-07 23:48 ` Solar Designer
2004-07-18 12:41 ` Tigran Aivazian
2004-07-18 12:59 ` Solar Designer [this message]
2004-07-18 21:27 ` Willy Tarreau
2004-07-18 23:15 ` Paul Jackson
2004-07-19 4:54 ` Willy Tarreau
2004-07-19 6:47 ` Paul Jackson
2004-07-22 20:34 ` Alan Cox
2004-07-22 21:23 ` Paul Jackson
2004-07-23 17:34 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040718125925.GA20133@openwall.com \
--to=solar@openwall.com \
--cc=alan@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=marcelo.tosatti@cyclades.com \
--cc=tigran@aivazian.fsnet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox