> Given a ssh-agent
The simple reason is that the ssh-agent explicitly disables tracing.
```c
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
	/* Disable ptrace on Linux without sgid bit */
	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
		fatal("unable to make process undumpable: %s",
		    strerror(errno));
#endif
```
So you won't be able to dump anything on this process, even if your user owns
it.
You can do a little experiment by rebuilding the ssh agent without the call to
`platform_disable_tracing()` in `main()`. fuser will then be able to list the
socket.
> I cannot quite see why you would want to make it
For security reasons, a lot of processes would call `prctl(PR_SET_DUMPABLE,
0)`; it is very impractical to patch out this call just to list their sockets
without root privilege.
> (as in: lie)
They are not lying; please see `man prctl.2`.
---
Paul M. Ärloch
You must have a scripting language to view this page.
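As an added illustration of the mechanism described above (this is not code from this thread or from OpenSSH, and the function names are made up), the following Linux program plays both sides: a child creates a UNIX-domain socket and optionally calls `prctl(PR_SET_DUMPABLE, 0)` the way ssh-agent does, and the parent then tries to resolve `/proc/<child>/fd/<socket>` exactly as fuser and lsof do. It assumes `/proc` is mounted.

```c
/* Added example (not from this thread or from OpenSSH): shows on Linux why
 * fuser/lsof report nothing for an ssh-agent socket when run by its owner.
 * Those tools read /proc/<pid>/fd/*; once a process has called
 * prctl(PR_SET_DUMPABLE, 0), the kernel restricts that directory to callers
 * holding CAP_SYS_PTRACE, and readlink() fails with EACCES even for the
 * owning uid. Assumes /proc is mounted; all names here are made up. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Does the caller hold CAP_SYS_PTRACE (bit 19) in its effective set?
 * Parsed from /proc/self/status. Root inside a default Docker container
 * does not hold it and is then treated like an ordinary user below. */
int has_cap_sys_ptrace(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    unsigned long long caps = 0;

    if (f == NULL)
        return 0;
    while (fgets(line, sizeof line, f) != NULL)
        if (sscanf(line, "CapEff: %llx", &caps) == 1)
            break;
    fclose(f);
    return (int)((caps >> 19) & 1);
}

/* Fork a child that opens a UNIX-domain socket and, if undumpable != 0,
 * disables dumping exactly as ssh-agent does. The parent then resolves
 * /proc/<child>/fd/<sock> the way fuser/lsof would. Returns 0 when the
 * link could be read, otherwise the errno of the failed readlink(). */
int probe_child_socket(int undumpable)
{
    int pipefd[2], sock = -1, err = 0;
    pid_t pid;

    if (pipe(pipefd) != 0)
        return errno;
    pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {                       /* child: play ssh-agent */
        close(pipefd[0]);
        sock = socket(AF_UNIX, SOCK_STREAM, 0);
        if (undumpable && prctl(PR_SET_DUMPABLE, 0) != 0)
            sock = -1;                    /* report failure to parent */
        if (write(pipefd[1], &sock, sizeof sock) != (ssize_t)sizeof sock)
            _exit(1);
        close(pipefd[1]);
        pause();                          /* stay alive until killed */
        _exit(0);
    }
    close(pipefd[1]);                     /* parent: play fuser */
    if (read(pipefd[0], &sock, sizeof sock) != (ssize_t)sizeof sock)
        sock = -1;
    close(pipefd[0]);

    if (sock < 0) {
        err = ECHILD;                     /* child setup failed */
    } else {
        char path[64], target[256];
        ssize_t n;

        snprintf(path, sizeof path, "/proc/%d/fd/%d", (int)pid, sock);
        n = readlink(path, target, sizeof target - 1);
        if (n < 0)
            err = errno;                  /* EACCES once undumpable */
        else
            target[n] = '\0';             /* e.g. "socket:[21916]" */
    }
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return err;
}

int main(void)
{
    int dumpable = probe_child_socket(0);
    int undumpable = probe_child_socket(1);

    printf("dumpable child:   readlink -> %s\n",
           dumpable == 0 ? "ok" : strerror(dumpable));
    printf("undumpable child: readlink -> %s (CAP_SYS_PTRACE: %s)\n",
           undumpable == 0 ? "ok" : strerror(undumpable),
           has_cap_sys_ptrace() ? "yes" : "no");
    return 0;
}
```

Build with `cc -Wall probe.c -o probe` and run it once as yourself and once under sudo: the dumpable child is visible either way, the undumpable one only when the caller has CAP_SYS_PTRACE, which is the same distinction fuser and lsof silently hit on the ssh-agent socket.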
------- Original Message -------
On Wednesday, August 16th, 2023 at 3:37 PM, Hauke Fath
<[email protected]> wrote:
> On 8/16/23 17:20, memchr wrote:
>
> > > not able to get any information on active unix
> > > domain sockets
>
> > What do you mean by this? Can you provide more context, such as the
> > command you tried to run and the resulting error message?
>
>
> Sure.
>
> Given a ssh-agent(8) socket, running lsof/sockstat/fuser as
> non-privileged user
>
> % ls -l /tmp/ssh-XXXXXXXw5UyQ/
> total 0
> srw------- 1 hf4kh spgmit 0 Aug 16 16:44 agent.629
> % lsof -U
> % sockstat -u | grep /tmp/ssh-
> % fuser /tmp/ssh-XXXXXXXw5UyQ/agent.629
> %
>
> whereas for root
>
> # lsof -U | grep /tmp/ssh-
> ssh-agent 630 hf4kh 3u unix 0x00000000f56378b9 0t0 21916
> /tmp/ssh-XXXXXXXw5UyQ/agent.629 type=STREAM
> # # sockstat -u | grep /tmp/ssh-
> root rserver 363 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root rserver 363 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root sendmail 401 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root lxdm-greeter-gt 575 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> root ssh-agent 630 unix
> /tmp/ssh-XXXXXXXw5UyQ/agent.629
> # fuser /tmp/ssh-XXXXXXXw5UyQ/agent.629
> /tmp/ssh-XXXXXXXw5UyQ/agent.629: 630
> #
>
> (the sockstat(1) output looks a bit off, though).
>
> I can see that you might want the option to restrict information
> access that way, but I cannot quite see why you would want to make it
> the default, and just return nothing (as in: lie) instead of flagging a
> lack of permissions.
>
> HTH,
> Hauke
>
> --
> The ASCII Ribbon Campaign Hauke Fath
> () No HTML/RTF in email Institut für Nachrichtentechnik
> /\ No Word docs in email TU Darmstadt
> Respect for open standards Ruf +49-6151-16-21344