On Fri, 19 Oct 2001, Martin Kacer wrote: > PS: What about executing suid binary while some other process has our > /proc/$$/mem opened for writing? Isn't there the same problem too? > Unfortunately, I do not have enough time to investigate that. > VERY quick test: opening mem WRONLY returns EINVAL while write(). But opening /proc/%i/exe of a process that executes suid binary works well. After exec() another process is able to read suid binary. [Isn't it known behavior???] Opening mem RDONLY works, but after exec() of setuid binary read() returns "no such process". Thinking 'bout mmaping and other tricks... Tested on 2.2.19. -- Mariusz Wołoszyn Internet Security Specialist, Internet Partners
