derekbruening
commented
9 years ago Actually with early injection, an suid app ends up run as the parent user: it does not fail to launch, it just runs incorrectly.
Open derekbruening opened 9 years ago
derekbruening
commented
9 years ago Actually with early injection, an suid app ends up run as the parent user: it does not fail to launch, it just runs incorrectly.
derekbruening
commented
9 years ago I'm not sure where to put this warning. There are 3 possibilities: 1) In each frontend: but this misses child processes which is where this often happens 2) In drinjectlib w/ some kind of error/warning return value: but again misses children 3) In DR on injecting across execve: but how make it visible? Just a SYSLOG?
Maybe just updating the docs is enough for now.
We should update the docs and the new default early injector to warn about suid/sgid binaries, which we will fail to inject into (and the app will fail to run, which if it's a child inside a larger process tree will likely fail the whole parent app). We can still suggest the /etc/ld.so.preload workaround, by keeping libdrpreload.so around.