Today I heard at Uni something that broke my mental model about separation of users' rights. Namely, I heard that:
I can freely debug all programs I have the permission to run, even those that have setuid set to root.
That means I can, for example, run su under a debugger. I tried it and it worked:
gdb su
This is mind-blowing for me. May I present my former mental model of users' rights management to you, so that you can correct me where I'm wrong and explain to me how things really are?
Until today, I used to believe that:
- Anything that runs under my user account is, by definition, "mine". That is, I can freely do anything I want with such a program; in particular I can debug it, which entails that I can read and modify all data such a program stores in its memory, or even patch it while it is running.
- Programs with setuid set to another user - let's assume it's root, for the sake of simplicity - run with rights exceeding the rights of my user account, but in return they're supposed to do only what they were designed to do: anything more and it's a security breach. Thus, these programs, while they can be run by my account, nevertheless run under the account that owns them - so from the POV of rights management, they run as if they were run by their owner - so I cannot read their memory or interrupt their execution, so that I cannot bend them to my will, so in particular I cannot debug them.
The second point is manifestly false. But, according to my (clearly wrong) mental model, this entails that, if I - for example - run su under gdb, I can trap the moment where su decides if the password is correct, modify this fragment of su's memory to force it to believe that the answer to this fundamental question is positive, then resume its execution and voila, I now have root rights. Well, binary authors might try to obfuscate their code to make this difficult, but a skilled and persistent person can always overcome this, and this doesn't apply to su anyway since it's open source.
Where is my mental model wrong? Where is it at odds with reality?
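An added example, not part of the original question: a small C probe (hypothetical file name uidprobe.c) that reports its real and effective UID and whether a ptrace tracer such as gdb or strace is attached. Installed setuid-root on a throwaway machine, it shows what the kernel actually does with the setuid bit when such a binary is started under a debugger.

```c
/* Added example, not from the original post. Reports real/effective UID and
 * whether a tracer is attached. To try it as a setuid-root binary (test box only):
 *   gcc -o uidprobe uidprobe.c && sudo chown root uidprobe && sudo chmod u+s uidprobe
 * Then compare ./uidprobe with gdb ./uidprobe (run) or strace ./uidprobe. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* PID of the attached tracer, or 0 when nobody is tracing us.
 * Linux only: parsed from the TracerPid field of /proc/self/status. */
pid_t tracer_pid(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    pid_t tracer = 0;
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "TracerPid:", 10) == 0) {
            tracer = (pid_t)strtol(line + 10, NULL, 10);
            break;
        }
    }
    fclose(f);
    return tracer;
}

/* 1 if the setuid bit actually took effect (effective UID differs from the
 * real UID), 0 otherwise. When a setuid binary is exec'd by a process that is
 * already being ptraced by an unprivileged tracer, Linux runs it with
 * euid == uid, so this returns 0 under gdb/strace although the bit is set on
 * disk: the debugged copy has only the debugging user's rights. */
int setuid_honoured(void)
{
    return getuid() != geteuid();
}

int main(void)
{
    pid_t tracer = tracer_pid();
    printf("real uid %u, effective uid %u, setuid honoured: %s\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           setuid_honoured() ? "yes" : "no");
    printf("tracer pid: %ld (%s)\n", (long)tracer,
           tracer ? "being debugged" : "not traced");
    return 0;
}
```

Run directly as an unprivileged user it prints "setuid honoured: yes"; started under gdb or strace by that same user it prints "no", which is why debugging su does not hand out root.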