This is the mail archive of the gdb-prs@sources.redhat.com mailing list for the GDB project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
The following reply was made to PR gdb/1514; it has been noted by GNATS. From: Agazzini Maurizio <maurizio@mediaservice.net> To: Daniel Jacobowitz <drow@mvista.com> Cc: gdb-gnats@sources.redhat.com Subject: Re: gdb/1514: solaris setuid Date: Tue, 20 Jan 2004 13:05:24 +0100 Hi all, gdb work corretly on setuid files on linux and *BSD. the problem is only on solaris, the root can trace (see truss or apptrace) a setuid file. Also GDB can attach to a setuid running process, but have problem when is trying to create it... The problem seem to be when it's trying to write something to /proc/pid/status... As you told it's ok that an user can't debug setuid programs, but the root can do it... Thank you in advance. Agazzini Maurizio root@merlino[/export/home/inode]: id uid=0(root) gid=1(other) root@merlino[/export/home/inode]: root@merlino[/export/home/inode]: cat test.c void main(){ printf("test\n"); } root@merlino[/export/home/inode]: gcc -o test test.c test.c: In function `main': test.c:2: warning: return type of `main' is not `int' root@merlino[/export/home/inode]: chmod +s test root@merlino[/export/home/inode]: root@merlino[/export/home/inode]: gdb test GNU gdb 6.0 Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "sparc-sun-solaris2.8"...(no debugging symbols found)... (gdb) r Starting program: /export/home/inode/test procfs: target_wait (wait_for_stop) line 3931, /proc/11035: Resource temporarily unavailable. (gdb) quit root@merlino[/export/home/inode]: truss gdb test [..] open("/proc/11038/status", O_RDONLY) = 6 [...] getsid(0) = 242 ioctl(0, TIOCSPGRP, 0xFFBEEA90) = 0 write(5, "\0\0\005\0\0\003", 8) = 8 lseek(6, 0, SEEK_SET) = 0 read(6, 0x002DB510, 1232) Err#11 EAGAIN write(5, "\0\0\003", 4) Err#11 EAGAIN sigaction(SIGTTOU, 0xFFBEE400, 0xFFBEE480) = 0 ioctl(0, TCGETS, 0x002B2F58) = 0 ioctl(0, TIOCGSID, 0xFFBEE454) = 0 getsid(0) = 242 ioctl(0, TIOCGPGRP, 0xFFBEE4BC) = 0 ioctl(0, TCSETS, 0xFFBEE418) = 0 ioctl(0, TIOCGSID, 0xFFBEE45C) = 0 getsid(0) = 242 ioctl(0, TIOCSPGRP, 0xFFBEE508) = 0 sigaction(SIGTTOU, 0xFFBEE400, 0xFFBEE480) = 0 fcntl(0, F_GETFL, 0x00000000) = 2 fstat64(0, 0xFFBEE3B8) = 0 fstat64(0, 0xFFBEE3B8) = 0 fcntl(0, F_SETFL, 0x00002002) = 0 fstat64(0, 0xFFBEE428) = 0 fcntl(0, F_SETFL, 0x00002002) = 0 write(2, 0x002D8500, 0) = 0 procfs: target_wait (wait_for_stop) line 3931, /proc/11038: Resource temporarily unavailable.write(2, " p r o c f s : t a r g".., 93) = 93 [...] Daniel Jacobowitz ha scritto: > I am not familiar with Solaris so take this with a grain of salt. > > On Fri, Jan 16, 2004 at 01:38:54PM -0000, maurizio@mediaservice.net wrote: > >>GDB has problem to trace setuid file on solaris system. > > >>(gdb) r >>Starting program: /usr/bin/passwd >>procfs: target_wait (wait_for_stop) line 3931, /proc/269: Resource temporarily unavailable. > > > Almost no system will let you debug a setuid binary. It's a security > hole, since it elevates the privilege of the debugger. > -- +-------------------------------------------------------------------+ | Agazzini Maurizio Tel: +39-011-32.72.100 | | Security Analyst Fax: +39-011-32.46.497 | | @ Mediaservice.net S.R.L. D.S.D. Data Security Division | | | | PGP Key : http://www.wayreth.eu.org/Agazzini_Maurizio.asc | | Disclaimer: http://@Mediaservice.net/disclaimer | +-------------------------------------------------------------------+
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |