[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    ptrace and non-readable files
From:       Lamagra Argamal <lamagra () HACKERMAIL ! NET>
Date:       2000-11-30 21:46:13
[Download RAW message or body]

At line 920 of fs/exec.c the kernel says

if (bprm->e_uid != current->euid || bprm->e_gid != current->egid || \
permission(bprm->inode,MAY_READ))  current->dumpable = 0;

Nevertheless you can trace non-readable files.
This might cause "secret" programs to leak information.

I came across this, while playing on a wargame (long time ago now), it had a program \
that gave the password as soon as you got a new level. This was non-readable for the \
obvious reason, but with the execute right you could just dump the memory of the \
process and read the content. Simple and quite easy, big problem? not really but \
still a problem.

-lamagra

Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41


[prev in list] [next in list] [prev in thread] [next in thread]