oss-sec mailing list archives
Re: Re: Asserts considered harmful (or GMP spills its sensitive information)
From: halfdog <me () halfdog net>
Date: Tue, 01 Jan 2019 13:52:38 +0000
Simon McVittie writes:
> On Tue, 01 Jan 2019 at 12:07:17 +0100, Niels Möller wrote:
> ...
> Some processes (including those that are setuid or setgid, I think?) are automatically undumpable.
This is not true and depends on your "/proc/sys/fs/suid_dumpable" settings, see [0]. Especially "2" was intended to capture cores from SUIDs also, e.g. together with systemd-coredump.

To test your SUID-coredump behaviour, you can use NullExec.c from below. It quite reliably segfaults many SUID binaries. The argv -> env trickery is useful as some binaries (e.g. crontab) overread the gap between argv/env on the stack, so they start processing environment variables as argvs, thus circumventing any IDS/IPS depending on correct checking of execve()'s call arguments.

    $ ./NullExec /bin/su

hd

[0] https://github.com/torvalds/linux/blob/master/Documentation/sysctl/fs.txt

    $ cat NullExec.c
    #define _GNU_SOURCE
    #include <stdio.h>
    #include <unistd.h>

    int main(int argc, char **argv) {
      if(argc<2) {
        fprintf(stderr, "Usage: %s [progname] [envvars...]\n", argv[0]);
        return(1);
      }
      /* argv is deliberately NULL; the remaining arguments become the environment */
      execve(argv[1], NULL, argv+2);
      return(1);
    }
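An added example, not part of halfdog's message: a small audit helper that reads the `suid_dumpable` setting discussed above together with `kernel.core_pattern` and reports whether a crashing setuid process would leave a core. The function and enum names are hypothetical, and the mode 2 rule (a core is only written through a pipe handler or an absolute path) is taken from the kernel sysctl documentation the message cites as [0].

```c
/* Added example (not from the original message): what happens to a setuid
 * process's core under given fs.suid_dumpable / kernel.core_pattern values. */
#include <stdio.h>
#include <stdlib.h>

enum suid_core { SUID_CORE_NONE, SUID_CORE_USER_OWNED, SUID_CORE_ROOT_ONLY, SUID_CORE_UNKNOWN };

/* Hypothetical helper: classify from the raw text of the two sysctl files. */
enum suid_core classify_suid_core(const char *suid_dumpable, const char *core_pattern)
{
    char *end;
    long mode = strtol(suid_dumpable, &end, 10);
    if (end == suid_dumpable)
        return SUID_CORE_UNKNOWN;          /* empty or non-numeric value */
    switch (mode) {
    case 0: return SUID_CORE_NONE;         /* default: privileged processes are not dumped */
    case 1: return SUID_CORE_USER_OWNED;   /* debug: dumped, owned by the current user */
    case 2:                                /* suidsafe: needs a pipe handler or absolute path */
        if (core_pattern[0] == '|' || core_pattern[0] == '/')
            return SUID_CORE_ROOT_ONLY;
        return SUID_CORE_NONE;
    default: return SUID_CORE_UNKNOWN;
    }
}

/* Read the first line of a file into buf; returns 0 on success. */
static int read_line(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    return ok ? 0 : -1;
}

int main(void)
{
    static const char *verdict[] = {
        "setuid cores are not written",
        "setuid cores are written and owned by the invoking user (debug mode)",
        "setuid cores are written, root-only, via core_pattern",
        "unrecognised suid_dumpable value" };
    char mode[32], pattern[512];
    if (read_line("/proc/sys/fs/suid_dumpable", mode, sizeof mode) ||
        read_line("/proc/sys/kernel/core_pattern", pattern, sizeof pattern)) {
        perror("reading sysctl"); return 2;
    }
    printf("suid_dumpable=%score_pattern=%s=> %s\n", mode, pattern, verdict[classify_suid_core(mode, pattern)]);
    return 0;
}
```

A result of "root-only, via core_pattern" means the handler or directory named in `core_pattern` receives memory images of privileged processes, so its permissions and retention deserve review.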