Date: Tue, 01 Jan 2019 13:52:38 +0000
From: halfdog <me@...fdog.net>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Asserts considered harmful (or GMP spills its sensitive information)

Simon McVittie writes:
> On Tue, 01 Jan 2019 at 12:07:17 +0100, Niels Möller wrote:
> ...
>
> Some processes (including those that are setuid or setgid,
> I think?) are automatically undumpable.

This is not true and depends on your "/proc/sys/fs/suid_dumpable"
settings, see [0]. Especially "2" was intended to capture cores
from SUIDs also, e.g. together with systemd-coredump.

To test your SUID-coredump behaviour, you can use NullExec.c from
below. It quite reliably segfaults many SUID binaries. The argv ->
env trickery is useful as some binaries (e.g. crontab) overread
the gap between argv/env on stack so start processing environment
variables as argvs, thus circumventing any IDS/IPS depending
on correct checking of execve()'s call arguments.

$ ./NullExec /bin/su

hd

[0] https://github.com/torvalds/linux/blob/master/Documentation/sysctl/fs.txt

$ cat NullExec.c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>

int main(int argc, char **argv) {
  if(argc<2) {
    /* Pass the program name for %s; guard against an empty argv. */
    fprintf(stderr, "Usage: %s [progname] [envvars...]\n",
        argc>0 ? argv[0] : "NullExec");
    return(1);
  }
  /* argv is deliberately NULL; remaining arguments become the environment. */
  execve(argv[1], NULL, argv+2);
  return(1);
}
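
An added example (not part of the original mail or its NullExec.c): a small C check that interprets the suid_dumpable modes documented in [0] together with core_pattern, to tell whether cores from SUID binaries would be written on a host. The enum names and the classify() and read_line() helpers are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

enum suid_core { CORE_OFF, CORE_DEBUG, CORE_SUIDSAFE, CORE_REFUSED, CORE_UNKNOWN };

/* Modes per Documentation/sysctl/fs.txt: 0 = default, 1 = debug, 2 = suidsafe.
 * In mode 2 the kernel only dumps a privileged process when core_pattern is
 * a pipe handler ('|') or a fully qualified path ('/'). */
enum suid_core classify(int suid_dumpable, const char *core_pattern)
{
    switch (suid_dumpable) {
    case 0: return CORE_OFF;
    case 1: return CORE_DEBUG;
    case 2:
        if (core_pattern && (core_pattern[0] == '|' || core_pattern[0] == '/'))
            return CORE_SUIDSAFE;
        return CORE_REFUSED;
    default: return CORE_UNKNOWN;
    }
}

/* Read the first line of a file, strip the newline; returns 0 on success. */
static int read_line(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (!fgets(buf, (int)len, f)) { fclose(f); return -1; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    static const char *msg[] = {
        "SUID processes are not dumped",
        "SUID cores are written, owned by the invoking user (no protection)",
        "SUID cores go to the pipe handler or absolute path; restrict access there",
        "mode 2 with a relative core_pattern: kernel skips the dump and logs it",
        "unrecognised suid_dumpable value",
    };
    char mode[16], pattern[256];
    int v;
    if (read_line("/proc/sys/fs/suid_dumpable", mode, sizeof mode) ||
        read_line("/proc/sys/kernel/core_pattern", pattern, sizeof pattern) ||
        sscanf(mode, "%d", &v) != 1) {
        fprintf(stderr, "cannot read sysctl values\n");
        return 2;
    }
    printf("suid_dumpable=%d core_pattern=%s\n%s\n", v, pattern, msg[classify(v, pattern)]);
    return 0;
}
```
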