[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: ptrace and non-readable files
From: Lamagra Argamal <lamagra () HACKERMAIL ! NET>
Date: 2000-11-30 21:46:13
[Download RAW message or body]
At line 920 of fs/exec.c the kernel says
if (bprm->e_uid != current->euid || bprm->e_gid != current->egid || \
permission(bprm->inode,MAY_READ)) current->dumpable = 0;
Nevertheless you can trace non-readable files.
This might cause "secret" programs to leak information.
I came across this, while playing on a wargame (long time ago now), it had a program \
that gave the password as soon as you got a new level. This was non-readable for the \
obvious reason, but with the execute right you could just dump the memory of the \
process and read the content. Simple and quite easy, big problem? not really but \
still a problem.
-lamagra
Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic