Re: /proc/<pid>/mem unreadable (was strace and linux 1.3.97)

James H. Cloos Jr. (cloos@jhcloos.com)
Thu, 2 May 1996 05:38:47 -0500


>>>>> "?????" == unknown author writes:
>>>>> "Aaron" == Aaron Ucko <ucko@vax1.rockhurst.edu> writes:
>>>>> "Kevin" == Kevin M Bealer <kmb203@psu.edu> writes:

?????> The same happened to me. The problem is that strace accesses
?????> the tracee's memory through /proc/<pid>/mem but as of 1.3.96
?????> any read from processes different from the one which owns the
?????> memory fails with EACCES.

Aaron> This looks like an overly-conservative patch for the
Aaron> /proc/<pid>/mem security hole involving setuid programs. The
Aaron> kernel should really return EACCES only if the process we are
Aaron> trying to read is setuid.

Kevin> From what I caught of the discussion, you can start watching
Kevin> the process's memory, then have the process 'exec' something
Kevin> suid root, and read straight through the suid root memory.

Seems to me that the answer, then, is to have /proc/<pid>/mem mode 600
and owned by the euid of the process, rather than owned by the uid
that ran it. Linus?

-JimC

-- 
James H. Cloos, Jr.	<URL:http://www.jhcloos.com/~cloos/>
cloos@jhcloos.com	Work: cloos@io.com
LPF,Usenix,SAGE,ISOC,ACLU