[7960] in bugtraq
FreeBSD VM gremlin
daemon@ATHENA.MIT.EDU (Charles M. Hannum)
Thu Sep 17 12:56:54 1998
Date: Thu, 17 Sep 1998 10:49:57 -0400
Reply-To: "Charles M. Hannum" <root@IHACK.NET>
From: "Charles M. Hannum" <root@IHACK.NET>
To: BUGTRAQ@NETSPACE.ORG
I'm sure I'll get lots of flames for forwarding this, but there's been
a lot of talk about this problem lately, and it definitely has serious
security implications; even if it turns out to be the case that the
contents of the file aren't modified, having the time stamp
pseudo-randomly change would make just about any sysadmin go into a
fit of paranoia.
Message-Id: <199809171409.KAA02717@tuva.engeast.baynetworks.com>
X-Mailer: exmh version 2.0.2 2/24/98
To: hackers@FreeBSD.ORG
Subject: GDB modifies shared libraries?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 17 Sep 1998 10:09:09 -0400
From: Robert Withrow <bwithrow@BayNetworks.COM>
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.ORG
I was debugging a (large) program using GDB on an xterm (which
prevented me from getting the exact text, as you will see). This
is on 2.2.6-RELEASE on a P6-200 with 128M ram. I was running as
a normal user, not root.
I issued the "run" command and GDB said that /usr/lib/libc.so.3.1
had changed and it was re-loading it. That was followed immediately
by X freezing, and then a spontaneous re-boot.
After the system re-booted, sure enough the date on /usr/lib/libc.so.3.1
had been changed!
Now, with this program, GDB generally says that the *program* has changed
*every* time I issue the "run" command, but I thought that was just a
GDB problem. But I don't understand how GDB can override protections
on /usr/lib/libc.so.3.1 in order to change its date. This seems like
an OS bug.
Any fixes around?
--
Robert Withrow -- (+1 978 916 8256)
BWithrow@BayNetworks.com
