Date:      Thu, 8 May 1997 08:12:44 -0700 (PDT)
From:      mfuhr@dimensional.com
To:        freebsd-gnats-submit@FreeBSD.ORG
Subject:   kern/3546: ktrace works even if no read permission
Message-ID:  <199705081512.IAA02039@hub.freebsd.org>
Resent-Message-ID: <199705081520.IAA02366@hub.freebsd.org>


>Number:         3546
>Category:       kern
>Synopsis:       ktrace works even if no read permission
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May  8 08:20:01 PDT 1997
>Last-Modified:
>Originator:     Michael Fuhr
>Organization:
Unspecified
>Release:        2.2-STABLE
>Environment:
FreeBSD winnie.pooh.org 2.2-STABLE FreeBSD 2.2-STABLE #0:
Wed May  7 19:19:10 MDT 1997
root@winnie.pooh.org:/usr/src/sys/compile/WINNIE-CDROM  i386
>Description:
Process tracing (options KTRACE) works on executables that
have no read permission (--x--x--x), even for group or others.
Read permission is usually turned off to keep users from knowing
some information about how the program works or what files it
accesses.

Granted that security by obscurity isn't a good policy, but some
people prefer to use it anyway, just to make the cracker's job
a little harder.
>How-To-Repeat:
1.  Write a "hello, world" program in C and compile it.
2.  Put the program in a world-accessible directory.
3.  chmod 111 program
4.  Run "ktrace program" as a different user.
5.  Run "kdump" as the different user.

>Fix:
Haven't investigated thoroughly.  Probably an additional check
in kern/kern_trace.c, function ktrcanset().
>Audit-Trail:
>Unformatted:
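
Added example (not part of the original problem report, and not FreeBSD project code): a POSIX sh helper that lists the binaries in a directory that depend on the execute-only protection described above, and repeats steps 4-5 against a harmless test binary. The function names are hypothetical; the sketch assumes `ktrace -f` and `kdump -f` name the trace file.

```shell
#!/bin/sh
# Constructed audit helper; function names are illustrative assumptions.

# perm_string FILE: print the 10-character mode string from ls, e.g. ---x--x--x
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# is_exec_only FILE: exit 0 if FILE is a regular file that some class
# (user, group or other) may execute but not read.
is_exec_only() {
    [ -f "$1" ] || return 1
    case "$(perm_string "$1")" in
        --?[xs]??????) return 0 ;;   # user:  no r, has x (or setuid+x)
        -???-?[xs]???) return 0 ;;   # group: no r, has x (or setgid+x)
        -??????-?[xt]) return 0 ;;   # other: no r, has x (or sticky+x)
    esac
    return 1
}

# list_exec_only DIR: print every execute-only regular file directly in DIR.
list_exec_only() {
    for f in "$1"/*; do
        is_exec_only "$f" && printf '%s\n' "$f"
    done
    return 0
}

# trace_allowed FILE: exit 0 if the calling user obtains a non-empty kdump
# for FILE, 1 if not, 2 if ktrace/kdump are missing. ktrace executes FILE,
# so point it only at a harmless test binary (the "hello, world" of step 1)
# and run it as a non-root user who has no read permission on FILE.
trace_allowed() {
    command -v ktrace >/dev/null 2>&1 || return 2
    command -v kdump >/dev/null 2>&1 || return 2
    t=$(mktemp) || return 2
    ktrace -f "$t" "$1" >/dev/null 2>&1
    n=$(( $(kdump -f "$t" 2>/dev/null | wc -l) ))
    rm -f "$t"
    [ "$n" -gt 0 ]
}

# Stand-alone use: sh script.sh /some/bin/dir
if [ "$#" -gt 0 ]; then
    list_exec_only "$1"
fi
```

An exit status of 0 from `trace_allowed` on a mode 111 test binary means the system still shows the behaviour reported here.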


