Minor PTRACE security bug

Andreas Kies (andi@muenchen.roses.de)
Tue, 15 Sep 1998 01:45:29 +0000 (GMT)


Hello everybody,

This bug should normally not be dangerous, but you never know.

Consider a file which is execute only.

---x--x--x 1 andi users 8576 Sep 14 21:45 foobar

You cannot debug it, but 'strace' works, which it should not, IMHO.
Things get even worse if the binary does a fork. In this
case strace fails if it tries to trace the child process, which is
correct.
The same problem is on 2.1.x, I think.
My suggestion is to allow ptrace only on readable executables.

Greetings

Andreas

( Patch is against 2.0.35 )

diff -u --rec old/linux/fs/exec.c linux/fs/exec.c
--- old/linux/fs/exec.c Mon Sep 14 21:24:32 1998
+++ linux/fs/exec.c Mon Sep 14 21:40:03 1998
@@ -561,6 +561,12 @@
}
}

+ /* ptraced executables must be readable */
+ if (current->flags & PF_PTRACED) {
+ if ((retval = permission(bprm->inode, MAY_READ)) != 0)
+ return retval;
+ }
+
memset(bprm->buf,0,sizeof(bprm->buf));
return read_exec(bprm->inode,0,bprm->buf,128,1);
}
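
Review bot: the added test on `current->flags & PF_PTRACED` only covers a process that is already being traced at the moment it calls exec, so a tracer that attaches to the execute-only program after exec has completed is not affected by this hunk; the same readability rule would also be needed on the attach path, or the commit message should say that only the exec-while-traced case is closed. Two smaller points on the same lines: returning `retval` here makes the exec itself fail for a traced caller, which changes the program's behaviour under a tracer rather than just denying the trace, and that is worth stating in the comment above the check. The nested `if` with an assignment inside the condition could be written as a separate assignment followed by a single test, which is easier to read.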
