LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-02-2007, 06:44 PM   #1
m00n
LQ Newbie
 
Registered: Nov 2007
Posts: 3

Rep: Reputation: 0
core dump permission denied


hello everyone !
i have a little problem for which i cannot find a solution.
im enabling core dumps for suid programs
echo '1' >> /proc/sys/fs/suid_dumpable
i have a suid vuln program and im exploiting it.
-rwsr-sr-x 1 root root 6741 2007-11-02 22:59 retlib

m00n@localhost:~/w0rk$ ./retlib 111111111111111111111111111111
Segmentation fault (core dumped)
now we have a core file with root priviliges
-rw------- 1 root root 147456 2007-11-02 23:42 core
how can i make this core file to be with the priviliges of a user
which executed the program? so i can open it with gdb
thnx in advance.
 
Old 11-02-2007, 09:02 PM   #2
David1357
Senior Member
 
Registered: Aug 2007
Location: South Carolina, U.S.A.
Distribution: Ubuntu, Fedora Core, Red Hat, SUSE, Gentoo, DSL, coLinux, uClinux
Posts: 1,302
Blog Entries: 1

Rep: Reputation: 107Reputation: 107
Re: core dump permission denied

If you have root access, you can simply use
# chown user:group <filename>
But it looks like you are not the root user, so you might have to stop trying to crack that system. Before you get arrested.
 
Old 11-02-2007, 11:09 PM   #3
m00n
LQ Newbie
 
Registered: Nov 2007
Posts: 3

Original Poster
Rep: Reputation: 0
please read it carefully especially for you David1357
im enabling core dumps for suid programs
echo '1' >> /proc/sys/fs/suid_dumpable

can a simple user do that without the root access?

im doing my coursework and im cracking my ubuntu 7.10 box ))
could i be arrested for this ?)
if i was cracking someone's else box why would i need the core dumps
if i simply get all registers from gdb
about chowning,
i already did that but the core that is dumping
is taking root priviliges when im executing the program from the user.
why its happening im trying to figure out but unsuccessfully
can anyone help me please

here are logs to make it clearer
m00n@crack3:~/w0rk$ ./retlib `perl -e 'print "\x42"x100'`
Exploiting via returnig into libc function
Segmentation fault (core dumped)
m00n@crack3:~/w0rk$ ls -ls core
148 -rw------- 1 root root 147456 2007-11-03 04:34 core
m00n@crack3:~/w0rk$ su
Password:
root@crack3:/home/m00n/w0rk# chown m00n:m00n core
root@crack3:/home/m00n/w0rk# exit
exit
m00n@crack3:~/w0rk$ ./retlib `perl -e 'print "\x41"x100'`
Exploiting via returnig into libc function
Segmentation fault (core dumped)
m00n@crack3:~/w0rk$ gdb -q -c core
(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
Core was generated by `./retlib BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'.
Program terminated with signal 11, Segmentation fault.
#0 0x42424242 in ?? ()
(gdb) q

as we can see it doesnt change there is a 'B' character
while there should be an 'A'

Last edited by m00n; 11-02-2007 at 11:38 PM.
 
Old 11-02-2007, 11:52 PM   #4
complich8
Member
 
Registered: Oct 2007
Distribution: rhel, fedora, gentoo, ubuntu, freebsd
Posts: 104

Rep: Reputation: 15
Quote:
Originally Posted by m00n
i already did that but the core that is dumping
is taking root priviliges when im executing the program from the user.
why its happening im trying to figure out but unsuccessfully
can anyone help me please
setuid = the program, invoked as a user, runs as the owner of the program rather than the user that invoked it. So it only makes sense, given that the program is running as root, that the core file generated also ends up being root's.

If that weren't the case, then there'd be no point to the setuid bit, and no danger in having extraneous setuid programs on a system.
 
Old 11-03-2007, 01:23 AM   #5
m00n
LQ Newbie
 
Registered: Nov 2007
Posts: 3

Original Poster
Rep: Reputation: 0
so as u are saying it is impossible for programs with suid bit
that has been ran by the user to produce core dump with the users rights
did i get u right ?
i think i have seen somewhere in advisory it has happened
please correct me if im wrong
thanks

i have one more question why does the core can not overwrite itself after?
once i get executed it writes core file and doesnt change it anymore
is there something to do with ulimit ?

Last edited by m00n; 11-03-2007 at 04:13 AM.
 
Old 11-03-2007, 09:46 AM   #6
David1357
Senior Member
 
Registered: Aug 2007
Location: South Carolina, U.S.A.
Distribution: Ubuntu, Fedora Core, Red Hat, SUSE, Gentoo, DSL, coLinux, uClinux
Posts: 1,302
Blog Entries: 1

Rep: Reputation: 107Reputation: 107
Re: core dump permission denied

Quote:
Originally Posted by m00n View Post
so as u are saying it is impossible for programs with suid bit that has been ran by the user to produce core dump with the users rights
did i get u right ?
i think i have seen somewhere in advisory it has happened
Maybe you should find that advisory and see if it applies to your setup (i.e. kernel version, library versions, etc).

Quote:
Originally Posted by m00n View Post
i have one more question why does the core can not overwrite itself after? once i get executed it writes core file and doesnt change it anymore is there something to do with ulimit ?
I believe you have to delete the core file before you can write a new one. At least that is the way it used to work on the Sun machines I used at work many m00ns ago.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
can't execute c++ binaries, "permission denied"... even though permission is 777 SerfurJ Programming 14 02-20-2009 04:50 AM
Core Dump on Solaris (Question about core file) dayalan_cse Solaris / OpenSolaris 3 10-06-2007 02:26 AM
'permission denied" inspite of right permission flags on network drive anirudhvij Linux - Enterprise 8 05-22-2007 05:57 AM
./ permission denied? DanTaylor Linux - General 5 03-14-2006 11:15 AM
Permission denied tonyevansau Linux - General 3 10-28-2005 07:57 PM


All times are GMT -5. The time now is 06:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration