RE: Can a driver give root privileges to a process?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

  I think that it's euid which is changed here... Actually your euid is checked to 
check privilege things like passwd binary. If you do this :- 
 
$ ls -l `which passwd` 
-r-s--x--x    1 root     root        16336 Feb 14  2003 /usr/bin/passwd 
 
As you can see here that "s" [Superuser bit] is set for this binary and using this 
program any user can change "/etc/passwd" contents, because when a use runs 
this binary, euid of the user process is set to the superuser and then it can access 
and modify "/etc/passwd" file which a normal user can't modify using normal text 
editors or some other tools... 
 
You can refer to book written by Vijay Mukhi [Boundless C] for this stuff. 
 
Thanks. 
Sumit Sharma. 
 
 
On Wed, 01 Sep 2004 Dhiman,Gaurav wrote : 
> 
>I hope, if you change the "uid" or "euid" (not sure which one) in 
>"task_struct" of current process to the uid of root, you process will 
>have root privileges. This is what "login" user program do, using set 
>_uid systemcall. 
> 
>There are specific significance of uid, euid, suid fields in 
>task_struct, before modifying them, do check there significance. 
> 
>I might be wrong, not sure about it, if I am wrong, please correct me. 
> 
>Regards, 
>Gaurav 
> 
> 
>-----Original Message----- 
> From: kernelnewbies-bounce@xxxxxxxxxxxx 
>[mailto:kernelnewbies-bounce@xxxxxxxxxxxx] On Behalf Of Timur Tabi 
>Sent: Wednesday, September 01, 2004 8:12 PM 
>To: arjanv@xxxxxxxxxx 
>Cc: kernelnewbies@xxxxxxxxxxxx 
>Subject: Re: Can a driver give root privileges to a process? 
> 
>Arjan van de Ven wrote: 
> 
> > Yes it is possible. The moment you do though your driver will end up 
>on 
> > bugtraq pretty fast. I can't believe "lets ignore security"! 
> 
>I know I need to consider the security issues before delivering the 
>product, but I want to at least explore the option first. 
> 
>However, I was hoping you would tell me HOW I give root privileges to a 
>process from a driver. 
> 
> 
>-- 
>Timur Tabi 
>Staff Software Engineer 
>timur.tabi@xxxxxxxxxxx 
> 
>-- 
>Kernelnewbies: Help each other learn about the Linux kernel. 
>Archive:       http://mail.nl.linux.org/kernelnewbies/ 
>FAQ:           http://kernelnewbies.org/faq/ 
> 
> 
> 
>-- 
>Kernelnewbies: Help each other learn about the Linux kernel. 
>Archive:       http://mail.nl.linux.org/kernelnewbies/ 
>FAQ:           http://kernelnewbies.org/faq/ 
>
[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux