
killing setuid programs

From: Samuel Thibault
Subject: killing setuid programs
Date: Tue, 29 Aug 2006 01:55:55 +0200
User-agent: Mutt/1.5.12-2006-07-14


There's an issue with Joe user being able to kill setuid programs that
he launches: on the sending side, glibc does:

        err = HURD_MSGPORT_RPC (__proc_getmsgport (proc, pid, &msgport),
                                  (taskerr = __proc_pid2task (proc, pid,
                                                              &refport)) ?
                                  __proc_getsidport (proc, &refport) : 0, 1,
                                  kill_port (msgport, refport));

I.e. it asks proc for the task port, and if that fails, asks proc for the
session port, then it sends the signal.

It happens that since the target got setuid'ed, the proc server had set
it to be owned by root, and hence pid2task fails.  I don't know exactly what
having a port on a task means, but I guess it's on purpose that even
if the real uid is Joe user, Joe user shouldn't have a task port on the
setuid-ed program.

As a result only proc_getsidport() works.

And on the receiving side, the ref port needs to be the task port for
letting any signal come in...

