From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 1824 invoked from network); 13 Oct 2020 16:52:42 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 13 Oct 2020 16:52:42 -0000 Received: (qmail 15495 invoked by uid 550); 13 Oct 2020 16:52:39 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 15476 invoked from network); 13 Oct 2020 16:52:39 -0000 MIME-Version: 1.0 Date: Tue, 13 Oct 2020 19:52:28 +0300 From: Alexey Izbyshev To: musl@lists.openwall.com In-Reply-To: References: <93cbaeffbc860a145843e0380058c50e@ispras.ru> <20201012145549.GG17637@brightrain.aerifal.cx> User-Agent: Roundcube Webmail/1.4.4 Message-ID: <422e80eccf76a8937d3528c3cfe52aa2@ispras.ru> X-Sender: izbyshev@ispras.ru Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [musl] Calling setxid() in a vfork()-child On 2020-10-12 23:30, Alexey Izbyshev wrote: > ...However, thinking about it > more, I see that dropping privileges could open the child to new ways > of interaction from outside of the app in a window before execve(), > so, if, say, another unprivileged process can ptrace it at the right > moment, bad things could happen. > Alexander Monakov pointed out to me that this particular naive attack is not possible (unless "/proc/sys/fs/suid_dumpable" is changed or the application resets "dumpable" bit via prctl() after setxid()): https://elixir.bootlin.com/linux/v5.9/source/kernel/cred.c#L466 Alexey