This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.
Re: unable to attach to setuid program that as reverted it privilege
- From: "Reynolds, Brandon" <brandon dot reynolds at lmco dot com>
- To: pottmi at gmail dot com
- Cc: gdb at sourceware dot org
- Date: Mon, 14 Apr 2008 09:32:34 -0400
- Subject: Re: unable to attach to setuid program that as reverted it privilege
I can't seem to get this to work.
I have a setuid executable with the following code:
-----------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/prctl.h>
#include <sys/capability.h>   /* libcap: link with -lcap */
int main(void)
{
    cap_t cap;
    struct passwd *p = getpwuid(getuid());   /* the user that ran us */
    if (p == NULL) { perror("getpwuid"); exit(1); }
    /* keep root capabilities as we transition to the regular user */
    prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 );
    /* switch back to user that ran us; gid first, since after setuid() we are no longer root */
    if (setgid( p->pw_gid ) < 0 || setuid( p->pw_uid ) < 0) { perror( "setgid/setuid" ); exit( 1 ); }
    /* drop all privs except CAP_SYS_NICE */
    if ((cap = cap_from_text( "CAP_SYS_NICE+pe" )) == NULL || cap_set_proc(cap) < 0)
    {
        perror( "cap_set_proc: failed to drop privs, aborting" );
        exit( 1 );
    }
    cap_free(cap);
    return 0;
}
-----------------------------------------------------------------------------
> cat /proc/sys/kernel/suid_dumpable
2
> uname -a
Linux sgi2 2.6.16.46-0.12-default #1 SMP Thu May 17 14:00:09 UTC 2007 ia64 ia64 ia64 GNU/Linux
FYI, the man 5 proc says:
/proc/sys/fs/suid_dumpable (since Linux 2.6.13)
The value in this file determines whether core dump files are produced for set-user-ID or otherwise protected/tainted binaries. Three different integer values can be specified:
0 (default) This provides the traditional (pre-Linux 2.6.13) behaviour. A core dump will not be produced for a process which has changed credentials (by calling seteuid(2), setgid(2), or similar, or by executing a set-user-ID or set-group-ID program) or whose binary does not have read permission enabled.
1 ("debug") All processes dump core when possible. The core dump is owned by the file system user ID of the dumping process and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked.
2 ("suidsafe") Any binary which normally would not be dumped (see "0" above) is dumped readable by root only. This allows the user to remove the core dump file but not to read it. For security reasons core dumps in this mode will not overwrite one another or other files. This mode is appropriate when administrators are attempting to debug problems in a normal environment.
> This is documented as allowing core files to be created for setuid
> programs. What I am using it for is to allow gdb run as a non-root
> user to connect to setuid programs that have _permanently_ given up
> their root privilege. Without suid_dumpable enabled, gdb will fail
> with an EPERM error even though the target program is no longer running as
> root and can not reacquire root privilege (a good default behavior).
What did you mean by "_permanently_"?
-Brandon
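An added example, not from this thread or from GDB, showing the per-process flag that both core dumping and a non-root gdb attach depend on: the kernel clears the "dumpable" flag whenever a process changes credentials (the setuid/setgid above, and on current kernels the cap_set_proc() call as well), resetting it to the suid_dumpable value, and ptrace from the unprivileged owner is only allowed while that flag is 1. The function names are mine, the program is Linux-only and deliberately omits the libcap step so it builds without -lcap; the point is that PR_SET_DUMPABLE must be the last step, after every credential change.

```c
/* Added example (not from the mailing-list post): why gdb gets EPERM after a
   setuid program drops privileges, and the prctl() that opts back in. Linux only. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/prctl.h>

/* Current value of the process's "dumpable" flag: 1 means the non-root owner
   may ptrace it (and it may dump core); 0 or 2 (suidsafe) means only root /
   CAP_SYS_PTRACE may attach, which is exactly the EPERM gdb reports. */
int dumpable_state(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Drop to the user that ran us. Whenever this actually changes a uid or gid
   the kernel resets the dumpable flag to fs.suid_dumpable, so with
   suid_dumpable = 0 or 2 a non-root gdb can no longer attach afterwards.
   Returns 0 on success, -1 with errno set otherwise. (Hypothetical helper.) */
int drop_to_real_user(void)
{
    struct passwd *p = getpwuid(getuid());
    if (p == NULL) return -1;
    if (setgid(p->pw_gid) < 0) return -1;   /* gid first, while still root */
    if (setuid(p->pw_uid) < 0) return -1;
    return 0;
}

/* Opt back in to being debuggable/dumpable. Call this only after the LAST
   credential change (setuid/setgid and any cap_set_proc()), because each such
   change resets the flag again. Returns the resulting flag value (1 on success). */
int make_debuggable(void)
{
    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) return -1;
    return dumpable_state();
}

int main(void)
{
    printf("dumpable at start:                %d\n", dumpable_state());
    if (drop_to_real_user() < 0) { perror("drop_to_real_user"); return 1; }
    printf("dumpable after setgid/setuid:     %d\n", dumpable_state());
    printf("dumpable after PR_SET_DUMPABLE:   %d\n", make_debuggable());
    return 0;
}
```

Run it from a set-user-ID root copy to see the flag drop to the fs.suid_dumpable value after the uid change and return to 1 after PR_SET_DUMPABLE; run unprivileged, no credential changes happen and it stays 1 throughout.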