From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 2452 invoked by alias); 22 Jan 2008 20:24:07 -0000 Received: (qmail 2441 invoked by uid 22791); 22 Jan 2008 20:24:06 -0000 X-Spam-Check-By: sourceware.org Received: from wa-out-1112.google.com (HELO wa-out-1112.google.com) (209.85.146.183) by sourceware.org (qpsmtpd/0.31) with ESMTP; Tue, 22 Jan 2008 20:23:47 +0000 Received: by wa-out-1112.google.com with SMTP id l35so4567986waf.12 for ; Tue, 22 Jan 2008 12:23:45 -0800 (PST) Received: by 10.114.200.2 with SMTP id x2mr6916341waf.19.1201033425688; Tue, 22 Jan 2008 12:23:45 -0800 (PST) Received: by 10.115.58.2 with HTTP; Tue, 22 Jan 2008 12:23:45 -0800 (PST) Message-ID: <2379dacc0801221223o155001a4gdb610b91d1d282d9@mail.gmail.com> Date: Tue, 22 Jan 2008 20:24:00 -0000 From: "Michael Potter" To: "Michael Potter" , gdb@sourceware.org Subject: Re: unable to attach to setuid program that as reverted it privilege In-Reply-To: <20080122200856.GA20301@caradoc.them.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com> <20080122200856.GA20301@caradoc.them.org> X-IsSubscribed: yes Mailing-List: contact gdb-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-owner@sourceware.org X-SW-Source: 2008-01/txt/msg00226.txt.bz2 On Jan 22, 2008 2:08 PM, Daniel Jacobowitz wrote: > On Tue, Jan 22, 2008 at 01:59:48PM -0600, Michael Potter wrote: > > I will speculate that the logic behind that is even tho the program > > does not have root privilege now, it could have something in left over > > in memory from when it did have root privilege. I think this is a > > Correct. For instance, it could have an open file descriptor to a > root-owned file or a privileged network socket. There's lots of > things you can inherit. > > > good default behavior, but I am hopeful that some clever programmer > > has found a way to change their program such that gdb can attach to > > it. > > It has nothing to do with the program; this is part of your kernel's > security model. Sorry. I believe it's pretty much universal behavior > across Unix-like systems. > > > Suggestions on alternatives such as a way to switch users without root > > privileges > > are welcome. > > Allow "sudo -u otheruser ./nonsetuid-copy-of-program" ? > My program is a daemon process that runs as root. When it starts is reduces it's privilege and it returns its privilege to just long enough to validate the user's password. It then forks. The child returns its root priv to do the one way switch to the new user. The reason I think someone may have a solution to this (even if it is a hack) is that exec will solve the problem. I do not want to add an exec to my code because I do not want the overhead of exec. I am thinking that someone may have written a loadable kernel module that would be tweak the same bit that exec tweaks that would allow the connect. That module would be called by the program. > -- > Daniel Jacobowitz > CodeSourcery >