[17869] in bugtraq

ptrace and non-readable files

daemon@ATHENA.MIT.EDU (Lamagra Argamal)
Thu Nov 30 19:31:15 2000

Message-Id:  <20001130214613.29154.qmail@fiver.freemessage.com>
Date:         Thu, 30 Nov 2000 21:46:13 -0000
Reply-To: Lamagra Argamal <lamagra@HACKERMAIL.NET>
From: Lamagra Argamal <lamagra@HACKERMAIL.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

At line 920 of fs/exec.c the kernel says

if (bprm->e_uid != current->euid || bprm->e_gid != current->egid || permission(bprm->inode,MAY_READ))
     current->dumpable = 0;

Nevertheless you can trace non-readable files.
This might cause "secret" programs to leak information.

I came across this while playing on a wargame (a long time ago now); it had a program that gave the password as soon as you got a new level. This was non-readable for the obvious reason, but with the execute right you could just dump the memory of the process and read the content.
Simple and quite easy. Big problem? Not really, but still a problem.

-lamagra
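
Added example (not part of the original post or of the kernel source it quotes): one way a program that holds a secret can defend itself against the exposure described above, by refusing to load the secret while a tracer is attached and by clearing its own dumpable flag. It assumes a Linux kernel that provides prctl(PR_SET_DUMPABLE) and the TracerPid field in /proc/self/status; the function names are hypothetical.

```c
/* Added example; assumes Linux with prctl(PR_SET_DUMPABLE) and /proc. */
#include <stdio.h>
#include <sys/prctl.h>

/* PID of the process tracing us, 0 if none, -1 if it cannot be determined. */
int tracer_pid(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int pid = -1;

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        /* The field looks like "TracerPid:\t0". */
        if (sscanf(line, "TracerPid: %d", &pid) == 1)
            break;
    }
    fclose(f);
    return pid;
}

/* Clear the dumpable flag: no core dumps, no later unprivileged
 * PTRACE_ATTACH. Returns the flag afterwards (0 on success), -1 on error. */
int clear_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* 1 only when no tracer is attached and the process is non-dumpable.
 * Clearing the flag does not detach a tracer that was present before
 * exec, so the TracerPid check is done as well. */
int safe_to_load_secret(void)
{
    int tracer = tracer_pid();

    if (clear_dumpable() != 0)
        return 0;
    return tracer == 0;
}

int main(void)
{
    if (!safe_to_load_secret()) {
        fprintf(stderr, "traced or dumpable: refusing to load secret\n");
        return 1;
    }
    puts("not traced, not dumpable: secret may be loaded");
    return 0;
}
```

The check runs once at startup, so it should be called before the secret is read into memory.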
