Re: Minor PTRACE security bug

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Tue, 15 Sep 1998 19:10:03 +0100 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: STREAMS: interface versus implementation"
Previous message: Alan Cox: "Re: 2.0.36-pre9"
In reply to: tack@sault.org: "ipchains blocks from SOCK_RAW?"

On Tue, 15 Sep 1998, Andreas Kies wrote:

> Hello everybody,
>
> This bug should normally not be dangerous, but you never know.
>
> Consider a file which is execute only.
>
> ---x--x--x 1 andi users 8576 Sep 14 21:45 foobar
>
> You can not debug it, but 'strace' works, which should not, IMHO.

I noted this "security" problem a while back. I believe I was told the
behaviour you see is pretty much standard UNIX behaviour.

Fixing the strace is easy. However, that's only half the problem; look at
how the aout and ELF loaders kernel code mmap the executable.

Chris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: STREAMS: interface versus implementation"
Previous message: Alan Cox: "Re: 2.0.36-pre9"
In reply to: tack@sault.org: "ipchains blocks from SOCK_RAW?"