Re: 2.4.16 + strace 4.4 + setuid programs

Damian M Gryski (dgryski@uwaterloo.ca)
Thu, 6 Dec 2001 01:52:53 -0500


On Thu, 06 Dec 2001, Keith Warno wrote:
> Hmm. Is strace supposed to be capable of tracing setuid programs (ie,
> su) when executed by mortal users? I always thought this was a big
> no-no.

Seems to me it drops permissions instead of not allowing the trace.

--- 8< --- cut here --- 8< ---
dmg@jolt:[pts/4]:~$ cat euid.c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main() { printf("euid=%d\n", geteuid()); }

dmg@jolt:[pts/4]:~$ ls -l ./euid
-rwsr-sr-x 1 root root 5039 Dec 6 01:46 ./euid
dmg@jolt:[pts/4]:~$ ./euid
euid=0
dmg@jolt:[pts/4]:~$ strace -o /dev/null ./euid
euid=1000
dmg@jolt:[pts/4]:~$
--- 8< --- cut here --- 8< ---

Damian

-- 
Damian Gryski ==> dgryski@uwaterloo.ca | Linux, the choice of a GNU generation
512 pt Hacker Test score = 37%         | 500 pt Nerd Test score = 56% 
                   geek / linux zealot / coder / juggler
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/