This is the mail archive of the
gdb-prs@sources.redhat.com
mailing list for the GDB project.
Re: gdb/1514: solaris setuid
- From: Agazzini Maurizio <maurizio at mediaservice dot net>
- To: nobody at sources dot redhat dot com
- Cc: gdb-prs at sources dot redhat dot com,
- Date: 20 Jan 2004 12:08:00 -0000
- Subject: Re: gdb/1514: solaris setuid
- Reply-to: Agazzini Maurizio <maurizio at mediaservice dot net>
The following reply was made to PR gdb/1514; it has been noted by GNATS.
From: Agazzini Maurizio <maurizio@mediaservice.net>
To: Daniel Jacobowitz <drow@mvista.com>
Cc: gdb-gnats@sources.redhat.com
Subject: Re: gdb/1514: solaris setuid
Date: Tue, 20 Jan 2004 13:05:24 +0100
Hi all,
gdb work corretly on setuid files on linux and *BSD. the problem is only
on solaris, the root can trace (see truss or apptrace) a setuid file.
Also GDB can attach to a setuid running process, but have problem when
is trying to create it...
The problem seem to be when it's trying to write something to
/proc/pid/status...
As you told it's ok that an user can't debug setuid programs, but the
root can do it...
Thank you in advance.
Agazzini Maurizio
root@merlino[/export/home/inode]: id
uid=0(root) gid=1(other)
root@merlino[/export/home/inode]:
root@merlino[/export/home/inode]: cat test.c
void main(){
printf("test\n");
}
root@merlino[/export/home/inode]: gcc -o test test.c
test.c: In function `main':
test.c:2: warning: return type of `main' is not `int'
root@merlino[/export/home/inode]: chmod +s test
root@merlino[/export/home/inode]:
root@merlino[/export/home/inode]: gdb test
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...(no debugging
symbols found)...
(gdb) r
Starting program: /export/home/inode/test
procfs: target_wait (wait_for_stop) line 3931, /proc/11035: Resource
temporarily unavailable.
(gdb) quit
root@merlino[/export/home/inode]: truss gdb test
[..]
open("/proc/11038/status", O_RDONLY) = 6
[...]
getsid(0) = 242
ioctl(0, TIOCSPGRP, 0xFFBEEA90) = 0
write(5, "\0\0\005\0\0\003", 8) = 8
lseek(6, 0, SEEK_SET) = 0
read(6, 0x002DB510, 1232) Err#11 EAGAIN
write(5, "\0\0\003", 4) Err#11 EAGAIN
sigaction(SIGTTOU, 0xFFBEE400, 0xFFBEE480) = 0
ioctl(0, TCGETS, 0x002B2F58) = 0
ioctl(0, TIOCGSID, 0xFFBEE454) = 0
getsid(0) = 242
ioctl(0, TIOCGPGRP, 0xFFBEE4BC) = 0
ioctl(0, TCSETS, 0xFFBEE418) = 0
ioctl(0, TIOCGSID, 0xFFBEE45C) = 0
getsid(0) = 242
ioctl(0, TIOCSPGRP, 0xFFBEE508) = 0
sigaction(SIGTTOU, 0xFFBEE400, 0xFFBEE480) = 0
fcntl(0, F_GETFL, 0x00000000) = 2
fstat64(0, 0xFFBEE3B8) = 0
fstat64(0, 0xFFBEE3B8) = 0
fcntl(0, F_SETFL, 0x00002002) = 0
fstat64(0, 0xFFBEE428) = 0
fcntl(0, F_SETFL, 0x00002002) = 0
write(2, 0x002D8500, 0) = 0
procfs: target_wait (wait_for_stop) line 3931, /proc/11038: Resource
temporarily unavailable.write(2, " p r o c f s : t a r g".., 93) = 93
[...]
Daniel Jacobowitz ha scritto:
> I am not familiar with Solaris so take this with a grain of salt.
>
> On Fri, Jan 16, 2004 at 01:38:54PM -0000, maurizio@mediaservice.net wrote:
>
>>GDB has problem to trace setuid file on solaris system.
>
>
>>(gdb) r
>>Starting program: /usr/bin/passwd
>>procfs: target_wait (wait_for_stop) line 3931, /proc/269: Resource temporarily unavailable.
>
>
> Almost no system will let you debug a setuid binary. It's a security
> hole, since it elevates the privilege of the debugger.
>
--
+-------------------------------------------------------------------+
| Agazzini Maurizio Tel: +39-011-32.72.100 |
| Security Analyst Fax: +39-011-32.46.497 |
| @ Mediaservice.net S.R.L. D.S.D. Data Security Division |
| |
| PGP Key : http://www.wayreth.eu.org/Agazzini_Maurizio.asc |
| Disclaimer: http://@Mediaservice.net/disclaimer |
+-------------------------------------------------------------------+