su problem with 4.4.93

steve houseman steve at houseman.demon.co.uk
Fri Jan 31 01:47:03 UTC 2003 

Hello,

I thought I sent this once, I was sure I'd sent this the next time.
so here it is for the third time ...  I've changed my devel list to
non-batch and with ack so I should know sooner if it doesnt arrive.


linux kernel 2.4.18

In trying to recreate this problem in a simpler example, it seems
as though it is linked to  tracing suid executables.... which
I assume is ok ?

I wrote a trivial exe (aa) which printed out its uid and euid
and set it owned by root and suid (to mimic su)

strace  -o/tmp/dbin -f -F -tt -v su steve -c aa
prints out euid=1000 ie steve , but a straight run as steve of .aa
shows euid=0  as expected.
This is the same for 4.4.2 and 4.4.93 ... unlike the original problem
(with wine install) that I reported which occured on 4.4.93 but
4.4.2 was ok.


Investigating the suid problem with printk s in the kernel,
the problem area seems to be compute_creds and a chunk of code
that I dont understand what its purpose is ... but if
ptrace & PT_PTRACE_CAP were true then it wouldnt go that way ,
ie must_not_trace_exec would return zero, and
it would work... ie the bprm euid wouldnt be reset.
I guess that in the
/usr/src/linux-2.4.18/arch/i386/kernel/ptrace.c

asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
<snippety>
        if (request == PTRACE_TRACEME) {
                /* are we already being traced? */
                if (current->ptrace & PT_PTRACED)
                        goto out;
                /* set the ptrace bit in the process flags. */
                current->ptrace |= PT_PTRACED;


                if( current->uid == 0 ||     // <<<<< the 3 lines
                    current->euid == 0  )
                     current->ptrace |= PT_PTRACE_CAP ;
                ret = 0;
                goto out;
        }


then this would be set when a traceme request was made as root,
and this capability (or something) ought to be propagated to
children (and I *think* it would be).

The above seems to work , but I dont know enough to know whether
it is sensible or barmy ... and whether an attach (vs running
a prog) needs anything.
It seems to work in that an strace of su steve -c aa works
and the wine install works .... why did this (wine install)
work under 4.4.2 and not 4.4.93 ... I have no idea.... maybe
there is another problem lurking .

If there is anything else you want me to investigate re this
then let me know.

BTW, I notice there was zero interest in the annotator but it
does seem some sort of a match (or at least a start) for the
TODO ...  "consider adding general purpose interpreter"

Cheers,

Steve Houseman






-- 

currently  :                     | for strace, an annotator see -
steve at houseman demon co uk    | http://www.houseman.demon.co.uk/

More information about the Strace-devel mailing list