Re: Preventing ptrace()

From: Timo Sirainen (tssat_private)
Date: Thu Jan 09 2003 - 17:53:36 PST


    On Thu, 2003-01-09 at 23:15, Jason Lunz wrote:
    > tssat_private said:
    > > Looks like once a process has called setuid(), no-one except root can
    > > ptrace() it. I don't see this mentioned very clearly in any man page
    > > though (*BSD, Linux).
    > 
    > my ptrace(2) page on debian woody says this:
    > 
    > ERRORS
    >        EPERM  The specified process cannot be traced.  This could be because
    >               the parent has insufficient privileges; non-root processes cannot
    >               trace processes that they cannot send signals to or those
    >               running setuid/setgid programs, for obvious reasons.
    >               Alternatively, the process may already be being traced, or be
    >               init (pid 1).
    
    You mean the "running setuid/setgid programs"? How is a setuid/setgid
    program defined? I've always thought it was just the +s bit attached to
    the file. When does the setuidness get cleared; after fork(), exec*(),
    or ..? Is that standardized somewhere?
    


