From nobody  Thu May  8 08:12:44 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA02039;
          Thu, 8 May 1997 08:12:44 -0700 (PDT)
Message-Id: <199705081512.IAA02039@hub.freebsd.org>
Date: Thu, 8 May 1997 08:12:44 -0700 (PDT)
From: mfuhr@dimensional.com
To: freebsd-gnats-submit@freebsd.org
Subject: ktrace works even if no read permission
X-Send-Pr-Version: www-1.0

>Number:         3547
>Category:       kern
>Synopsis:       ktrace works even if no read permission
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May  8 08:20:04 PDT 1997
>Closed-Date:    Fri May 9 10:52:13 PDT 1997
>Last-Modified:  Fri May  9 10:52:40 PDT 1997
>Originator:     Michael Fuhr
>Release:        2.2-STABLE
>Organization:
Unspecified
>Environment:
FreeBSD winnie.pooh.org 2.2-STABLE FreeBSD 2.2-STABLE #0:
Wed May  7 19:19:10 MDT 1997
root@winnie.pooh.org:/usr/src/sys/compile/WINNIE-CDROM  i386
>Description:
Process tracing (options KTRACE) works on executables that
have no read permission (--x--x--x), even for group or others.
Read permission is usually turned off to keep users from knowing
some information about how the program works or what files it
accesses.

Granted that security by obscurity isn't a good policy, but some
people prefer to use it anyway, just to make the cracker's job
a little harder.
>How-To-Repeat:
1.  Write a "hello, world" program in C and compile it.
2.  Put the program in a world-accessible directory.
3.  chmod 111 program
4.  Run "ktrace program" as a different user.
5.  Run "kdump" as the different user.

>Fix:
Haven't investigated thoroughly.  Probably an additional check
in kern/kern_trace.c, function ktrcanset().
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: jmg 
State-Changed-When: Fri May 9 10:52:13 PDT 1997 
State-Changed-Why:  
duplicate of previous pr..
>Unformatted:
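
Added example, not part of the original report or of FreeBSD: an sh function that inventories files whose mode grants execute without read to group or others, the configuration the report says ktrace does not honour. The function name `exec_only_audit` and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory files whose mode grants execute without read
# (for instance --x--x--x). Per the report, ktrace still traces such
# programs, so the missing read bit does not hide their behaviour from
# the user class listed in the first output column.
# exec_only_audit is a hypothetical helper name, not a FreeBSD tool.

exec_only_audit() {
    dir=${1:?usage: exec_only_audit DIR}

    # "other" may execute (001) but may not read (004)
    find "$dir" -type f -perm -001 ! -perm -004 \
        -exec printf 'other %s\n' {} \;

    # group may execute (010) but may not read (040)
    find "$dir" -type f -perm -010 ! -perm -040 \
        -exec printf 'group %s\n' {} \;
}

# When run as a script with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    exec_only_audit "$1"
fi
```

Each output line names the user class and the path, so a file with mode 111 is listed once for group and once for other.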
