Bugtraq mailing list archives
Re: Flaws in recent Linux kernels
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Fri, 26 Oct 2001 16:22:50 +0200 (MET DST)
On Mon, 22 Oct 2001, Mariusz Woloszyn wrote:
On Fri, 19 Oct 2001, Martin Kacer wrote:PS: What about executing suid binary while some other process has our /proc/$$/mem opened for writing? Isn't there the same problem too? Unfortunately, I do not have enough time to investigate that.VERY quick test: opening mem WRONLY returns EINVAL while write(). Opening mem RDONLY works, but after exec() of setuid binary read() returns "no such process".
read() or write() to /proc/*/mem is not allowed unless you access 1. your own memory space, 2. the memory space of a process you are ptracing (and the process in q. is stopped).
Thinking 'bout mmaping and other tricks...
AFAIK, current Linux implementation of mmap() on /proc/*/mem makes a copy of existing page mappings. You cannot use it to get access to the new memory space created after execve().
But opening /proc/%i/exe of a process that executes suid binary works well. After exec() another process is able to read suid binary. [Isn't it known behavior???]
Excuse me? /proc/*/exe is a "magical" link leading to the file holding a program being executed. It circumvents directory access restrictions (nevertheless, you are not allowed to follow the link unless the process is your own...are you?) but it access restrictions on the file itself should be checked. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Flaws in recent Linux kernels Rafal Wojtczuk (Oct 18)
- RE: Flaws in recent Linux kernels Demitrious Kelly (Oct 18)
- Re: Flaws in recent Linux kernels Martin Kacer (Oct 19)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
- Re: Flaws in recent Linux kernels Pavel Kankovsky (Oct 27)
- Re: Flaws in recent Linux kernels Solar Designer (Oct 23)
- Re: Flaws in recent Linux kernels Scott Dier (Oct 23)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 25)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 27)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)