This is the mail archive of the gdb@sources.redhat.com mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: gdb and suid binaries - security?


This is a well known case.  The kernel does a permission check at the
time that the parent starts tracing the child (or Process A attaches to
Process B).  In the linux kernel, this check is in "ptrace_attach"
in file kernel/ptrace.c.

> Oddly enough I've noticed that this actually fails on both FreeBSD
> and Linux but it almost seems to be some mechanism outside of gdb.
> Does anyone know how this works?

gdb is an unprivileged process.  It just calls ptrace() a lot, or it
reads and write /proc a lot.  It's the kernel's job to deny gdb from
attaching to privileged processes, just as it's the kernel's job to deny
"cat > /etc/passwd" for unprivileged users.

Michael C


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]