Re: Preventing ptrace()

From: Timo Sirainen (tssat_private)
Date: Thu Jan 09 2003 - 17:53:36 PST

Next message: Andrew MacKenzie: "Re: PGP scripting..."

Previous message: Jason Lunz: "Re: Preventing ptrace()"
In reply to: Jason Lunz: "Re: Preventing ptrace()"
Next in thread: Glynn Clements: "Re: Preventing ptrace()"
Reply: Glynn Clements: "Re: Preventing ptrace()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2003-01-09 at 23:15, Jason Lunz wrote:
> tssat_private said:
> > Looks like once a process has called setuid(), no-one except root can
> > ptrace() it. I don't see this mentioned very clearly in any man page
> > though (*BSD, Linux).
> 
> my ptrace(2) page on debian woody says this:
> 
> ERRORS
>        EPERM  The  specified  process  cannot be traced.  This could be because
> 	      the parent has insufficient privileges; non-root processes cannot
> 	      trace processes  that they  cannot  send  signals  to or those
> 	      running setuid/setgid programs, for obvious reasons.
>               Alternatively, the process may already be being traced, or be
>               init (pid 1).

You mean the "running setuid/setgid programs"? How is setuid/setgid
program defined? I've always thought it was just the +s bit attached to
the file. When does the setuidness get cleared; after fork(), exec*(),
or ..? Is that standardized somewhere?

Next message: Andrew MacKenzie: "Re: PGP scripting..."
Previous message: Jason Lunz: "Re: Preventing ptrace()"
In reply to: Jason Lunz: "Re: Preventing ptrace()"
Next in thread: Glynn Clements: "Re: Preventing ptrace()"
Reply: Glynn Clements: "Re: Preventing ptrace()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 10 2003 - 09:50:32 PST