[9061] in bugtraq
Re: Tracing by uid u after root does setuid(u)
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Jan 15 01:20:15 1999
Date: Wed, 13 Jan 1999 21:55:39 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Wed, 13 Jan 1999 02:39:16 GMT."
<19990113023916.25935.qmail@cr.yp.to>
>Perhaps the Sun kernel developers aren't aware that it's bad to allow
>tracing after a program changes uid, but obviously they are aware that
>it's bad to allow tracing of an unreadable program. In fact, the /proc
>documentation identifies this as a security measure.
This has long been fixed in Solaris. (I think it was fixed before
2.6 was released; there's a patch for Solaris 2.5.1 also)
Since the patch, programs that are set-uid, call set*uid or set*gid cannot
be traced and cannot dump core. (Which upset yet another batch of
customers so there's an option in Solaris 7 to make set-uid programs
dump core if the kernel is so configured)
(Oh, and Dan Bernstein wins the useless use of lseek award; dd can seek fine)
Casper
