On Fri, May 12, 2017, at 20:44, Noel Chiappa wrote:
So now I'm wondering - was this really the bug? Or was there some bug in ptrace I don't see, which was the actual bug that's being discussed here.
Ah. There's the other piece. You start the SUID program under the
debugger, and rather than kicking off the debugger, it simply starts it
non-suid. *However*, in the presence of shared text (either of the two
cases being checked for in the other place), you can make changes to the
text image (e.g. put whatever code you want at the entry point), which
will be reused the *next* time it is started *without* the debugger.