der Mouse <mouseat_private> wrote:

> > [symlink-paranoia code]
> >
> > However, consider an average setuid root application, [...]. When
> > the application reaches the critical section of code between the
> > lstat and the open, you stop it by sending it a SIGSTOP.
>
> If you can send it a SIGSTOP, either you're running as root (in which
> case you don't *need* to play with symlink races), the application is
> running as you (in which case breaking it buys you nothing), or signal
> delivery is critically broken.
>
> In fact, I suspect that any process you can SIGSTOP, you can attach to
> with ptrace and do whatever you want without need for subterfuge.

Script started on Tue Jan 4 15:40:55 2000
bash-2.02$ ls -l ./slow
-rwsr-xr-x  1 root  nogroup  3170 Jan  4 15:36 ./slow
bash-2.02$ whoami
jdc
bash-2.02$ ./slow &
[1] 68416
bash-2.02$ ps -up 68416
USER       PID %CPU %MEM  VSZ  RSS TT  STAT STARTED    TIME COMMAND
root     68416  0.0  0.2  752  248 p1  S     3:41PM 0:00.01 ./slow
bash-2.02$ kill -STOP 68416
[1]+  Stopped                 ./slow
bash-2.02$ kill -CONT 68416
bash-2.02$ ps -up 68416
USER       PID %CPU %MEM  VSZ  RSS TT  STAT STARTED    TIME COMMAND
root     68416  0.0  0.2  752  248 p1  S     3:41PM 0:00.01 ./slow
bash-2.02$ kill -9 68416
[1]+  Killed                  ./slow
bash-2.02$ exit
exit
Script done on Tue Jan 4 15:42:06 2000
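The transcript shows that the invoker of a setuid root program can stop it at will, so the lstat-to-open window the quoted text describes can be held open indefinitely; the defensive answer is to have no window at all. The following is an added example, not code from this thread: open with O_NOFOLLOW and perform every check on the returned descriptor with fstat(), so the object checked is the object opened. It assumes an open(2) that supports O_NOFOLLOW (Linux, the BSDs); the scratch paths and the selftest() routine are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` refusing a symlink at its last component, then run the
 * ownership/mode checks on the open descriptor. There is no lstat/open
 * window for SIGSTOP to stretch: what open() resolved is what fstat() sees.
 * Returns the fd, or -1 with errno set (ELOOP when the name is a symlink). */
int open_checked(const char *path, uid_t expected_owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0) { int e = errno; close(fd); errno = e; return -1; }
    if (!S_ISREG(st.st_mode) || st.st_uid != expected_owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        errno = EPERM;  /* opened fine, but not a file we are willing to use */
        return -1;
    }
    return fd;
}

/* Constructed self-check in a scratch directory (hypothetical paths): the
 * regular file we own is accepted, a symlink to it is refused with ELOOP.
 * Returns 0 when both hold, otherwise the number of the failing step. */
int selftest(void)
{
    char dir[] = "/tmp/openchk.XXXXXX", file[64], lnk[64];
    int fd, rc = 1;
    if (mkdtemp(dir) == NULL) return rc;
    snprintf(file, sizeof file, "%s/real", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    rc = 2; if ((fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) goto out;
    close(fd);
    rc = 3; if (symlink(file, lnk) != 0) goto out;
    rc = 4; if ((fd = open_checked(file, getuid())) < 0) goto out;
    close(fd);
    rc = 5; if (open_checked(lnk, getuid()) != -1 || errno != ELOOP) goto out;
    rc = 0;
out:
    unlink(lnk); unlink(file); rmdir(dir);
    return rc;
}
```

Checking the descriptor rather than the name also covers the case where the process is stopped for minutes between the two calls, since the attacker has nothing left to swap.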
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:31 PDT