From: "Michael Potter"
To: "Reynolds, Brandon"
Cc: "Tavis Ormandy", gdb@sourceware.org
Date: Tue, 15 Apr 2008 01:24:00 -0000
Subject: Re: unable to attach to setuid program that as reverted it privilege

On Mon, Apr 14, 2008 at 11:28 AM, Reynolds, Brandon wrote:
> Tavis,
>
> Obviously there are security risks involved; however, sometimes the
> choice is between giving users root and allowing them to debug a process
> with some extended capabilities.
>
> Michael,
>
> I agree wholeheartedly with you that it would be good to have some fine
> grained control over things. I wonder if that is what
> prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) is supposed to do? See "man 2 prctl"
> for details.
>
> I can't seem to reproduce results however with either tweaking the proc
> file or calling prctl(). What kernel are you running?
>

I am using whatever kernel is default with opensuse 10.3. Sorry, I
am not at my suse box right now to give you a definite answer.

I played with prctl some time ago to fix a similar problem. I did not
have any luck. I kept running into people telling me that I should
not do that because it is a security hole.

If I recall correctly (and this was a couple of years ago), I looked
at the kernel source for pattach and found that the EPERM error was
output regardless of the process control or capability settings. My
conclusion at that time was that it was not implemented.

-- 
Michael Potter