From: "Michael Potter"
To: "Mark Kettenis"
Cc: gdb@sourceware.org
Subject: Re: unable to attach to setuid program that as reverted it privilege
Date: Wed, 23 Jan 2008 20:26:00 -0000
Message-ID: <2379dacc0801231226h4b62928dk5c3fdc36fc9fcbbe@mail.gmail.com>
In-Reply-To: <2379dacc0801231048l655f3463y748a41c7a4ab8b49@mail.gmail.com>
References: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com> <200801231752.m0NHqQPh001359@brahms.sibelius.xs4all.nl> <2379dacc0801231048l655f3463y748a41c7a4ab8b49@mail.gmail.com>
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
X-SW-Source: 2008-01/txt/msg00239.txt.bz2

On Jan 23, 2008 12:48 PM, Michael Potter wrote:
>
> On Jan 23, 2008 11:52 AM, Mark Kettenis wrote:
> > > Date: Tue, 22 Jan 2008 13:59:48 -0600
> > > From: "Michael Potter"
> > >
> > > Gdb Crew,
> > >
> > > I get this error when attaching to a setuid program that has
> > > _given_up_ its root privilege setuid(getuid()):
> > >
> > > ---------------------
> > > x~> gdb -p 19484
> > > GNU gdb 6.5
> > > Copyright (C) 2006 Free Software Foundation, Inc.
> > > GDB is free software, covered by the GNU General Public License, and
> > > you are
> > > welcome to change it and/or distribute copies of it under certain
> > > conditions.
> > > Type "show copying" to see the conditions.
> > > There is absolutely no warranty for GDB. Type "show warranty" for
> > > details.
> > > This GDB was configured as "i586-suse-linux".
> > > Attaching to process 19484
> > > ptrace: Operation not permitted. <<<<<=================
> >
> > This is the only acceptable behaviour. The program might have dropped
> > root privileges but it might still hold resources acquired when it
> > still had those privileges and you might be able to exploit those.
> >
> > You should be able to attach to the process as root. If not, complain
> > to the Linux kernel people.
> >
>
> You are my point for me.
> I really really really do not want to give my programmers the ability
> to run the debugger as root.
>
> I think disallowing the attach is the only acceptable _default_
> behavior; but I think I should be able to override that default when I
> am confident that my program does not hold any privileged resources.
>
> I will post to a Linux kernel list in a couple of days. I posted here
> because I felt that I was likely to find someone who had the same
> problem in this group.
>
> If I have to allow the programmers to run the debugger as root I will
> have to wrap it in a script that will prevent them from attaching to
> any other process than the ones that I can programmatically identify as
> ok. Is there any option on gcc that will disable gcc commands that
> might be used to attach to other processes once they have started gcc
> as root?

oops, my brain was thinking gdb, my fingers typed gcc.

> Thanks all for your thoughtful replies.
>
> --
> Michael Potter
>
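The kernel behaviour Mark describes (ptrace attach refused once a setuid program has changed its uids) is Linux's per-process "dumpable" flag, and the per-program override Michael asks for exists in the form of prctl(PR_SET_DUMPABLE), which the thread does not mention. The following added C example is not code from any poster; it shows a program opting back into unprivileged attach only after checking that all three uids and gids are equal, i.e. that root was dropped permanently with setuid() rather than merely suspended with seteuid() (function names are mine).

```c
#define _GNU_SOURCE          /* getresuid/getresgid in glibc */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the process may be ptrace-attached (and core-dumped) by its own uid,
   0 if the kernel cleared the flag after the uid change, -1 on error. */
int process_is_dumpable(void)
{
    int r = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (r < 0)
        return -1;
    return r == 1;           /* 1 = dumpable by owner; 2 = root-only dumps */
}

/* 1 only if real, effective and saved ids all match: the program cannot
   regain root, so attaching as the real user exposes no retained privilege
   (file descriptors opened while root are a separate matter; see below). */
int privileges_fully_dropped(void)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) < 0 || getresgid(&rg, &eg, &sg) < 0)
        return -1;
    return ru == eu && ru == su && rg == eg && rg == sg;
}

/* Re-enable attach by the real user, but refuse while any id still differs.
   Returns 1 if now dumpable, 0 if refused, -1 on error. */
int allow_unprivileged_debug(void)
{
    int dropped = privileges_fully_dropped();
    if (dropped != 1)
        return dropped;
    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
        return -1;
    return process_is_dumpable();
}

int main(void)
{
    /* In a setuid-root binary this would follow setuid(getuid()). */
    printf("dumpable before: %d\n", process_is_dumpable());
    printf("allow debug:     %d\n", allow_unprivileged_debug());
    printf("dumpable after:  %d\n", process_is_dumpable());
    return 0;
}
```

Two caveats a practitioner should keep in mind: the same flag governs core dumps, so re-enabling it also lets a crash write out any secrets still in memory, and the uid check says nothing about descriptors or sockets opened while the program was still root, which is exactly the risk Mark raises. On later kernels with Yama (kernel.yama.ptrace_scope above 0) being dumpable is necessary but not sufficient for an attach from gdb.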