[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Can a driver give root privileges to a process?

To: "Dhiman,Gaurav" <Gaurav.Dhiman@xxxxxx>
Subject: RE: Can a driver give root privileges to a process?
From: "matrix reloaded" <matrix_reloaded18@xxxxxxxxxxxxxx>
Date: 2 Sep 2004 06:27:28 -0000
Cc: kernelnewbies@xxxxxxxxxxxx, "Timur Tabi" <timur.tabi@xxxxxxxxxxx>, arjanv@xxxxxxxxxx
List-archive: <http://mail.nl.linux.org/kernelnewbies/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <kernelnewbies.nl.linux.org>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:kernelnewbies@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=unsubscribe>
Reply-to: "matrix reloaded" <matrix_reloaded18@xxxxxxxxxxxxxx>
Sender: kernelnewbies-bounce@xxxxxxxxxxxx

  I think that it's euid which is changed here... Actually your euid is checked to 
check privilege things like passwd binary. If you do this :- 
 
$ ls -l `which passwd` 
-r-s--x--x    1 root     root        16336 Feb 14  2003 /usr/bin/passwd 
 
As you can see here that "s" [Superuser bit] is set for this binary and using this 
program any user can change "/etc/passwd" contents, because when a use runs 
this binary, euid of the user process is set to the superuser and then it can access 
and modify "/etc/passwd" file which a normal user can't modify using normal text 
editors or some other tools... 
 
You can refer to book written by Vijay Mukhi [Boundless C] for this stuff. 
 
Thanks. 
Sumit Sharma. 
 
 
On Wed, 01 Sep 2004 Dhiman,Gaurav wrote : 
> 
>I hope, if you change the "uid" or "euid" (not sure which one) in 
>"task_struct" of current process to the uid of root, you process will 
>have root privileges. This is what "login" user program do, using set 
>_uid systemcall. 
> 
>There are specific significance of uid, euid, suid fields in 
>task_struct, before modifying them, do check there significance. 
> 
>I might be wrong, not sure about it, if I am wrong, please correct me. 
> 
>Regards, 
>Gaurav 
> 
> 
>-----Original Message----- 
> From: kernelnewbies-bounce@xxxxxxxxxxxx 
>[mailto:kernelnewbies-bounce@xxxxxxxxxxxx] On Behalf Of Timur Tabi 
>Sent: Wednesday, September 01, 2004 8:12 PM 
>To: arjanv@xxxxxxxxxx 
>Cc: kernelnewbies@xxxxxxxxxxxx 
>Subject: Re: Can a driver give root privileges to a process? 
> 
>Arjan van de Ven wrote: 
> 
> > Yes it is possible. The moment you do though your driver will end up 
>on 
> > bugtraq pretty fast. I can't believe "lets ignore security"! 
> 
>I know I need to consider the security issues before delivering the 
>product, but I want to at least explore the option first. 
> 
>However, I was hoping you would tell me HOW I give root privileges to a 
>process from a driver. 
> 
> 
>-- 
>Timur Tabi 
>Staff Software Engineer 
>timur.tabi@xxxxxxxxxxx 
> 
>-- 
>Kernelnewbies: Help each other learn about the Linux kernel. 
>Archive:       http://mail.nl.linux.org/kernelnewbies/ 
>FAQ:           http://kernelnewbies.org/faq/ 
> 
> 
> 
>-- 
>Kernelnewbies: Help each other learn about the Linux kernel. 
>Archive:       http://mail.nl.linux.org/kernelnewbies/ 
>FAQ:           http://kernelnewbies.org/faq/ 
>

Prev by Date: Re: loading module from user space
Next by Date: Sending siginfo from kernel to user space
Previous by thread: Re: Can a driver give root privileges to a process?
Next by thread: About schedule() and ISRs
Index(es):
- Date
- Thread