This is the mail archive of the mailing list for the GDB project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: unable to attach to setuid program that as reverted it privilege

On Mon, Apr 14, 2008 at 11:28 AM, Reynolds, Brandon
<> wrote:
> Tavis,
>  Obviously there are security risks involved; however, sometimes the
>  choice is between giving users root and allowing them to debug a process
>  with some extended capabilities.
>  Michael,
>  I agree wholeheartedly with you that it would be good to have some fine
>  grained control over things.  I wonder if that is what
>  prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) is supposed to do?  See "man 2 prctl"
>  for details.
>  I can't seem to reproduce results however with either tweaking the proc
>  file or calling prctl().  What kernel are you running?

I am using what ever kernel is default with opensuse 10.3.  Sorry, I
am not at my suse box right now to give you a definite answer.

I played with prctl some time ago to fix a similar problem.  I did not
have any luck.  I kept running into people telling me that I should
not do that because it is a security hole.

If I recall correctly (and this was a couple of years ago), I looked
at the kernel source for pattach and found that the EPERM error was
output regardless of the process control or capability settings.  My
conclusion at that time was that it not implemented.

Michael Potter

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]