Bugtraq mailing list archives

FreeBSD VM gremlin


From: root () IHACK NET (Charles M. Hannum)
Date: Thu, 17 Sep 1998 10:49:57 -0400


I'm sure I'll get lots of flames for forwarding this, but there's been
a lot of talk about this problem lately, and it definitely has serious
security implications; even if it turns out to be the case that the
contents of the file aren't modified, having the time stamp
pseudo-randomly change would make just about any sysadmin go into a
fit of paranoia.


Message-Id: <199809171409.KAA02717 () tuva engeast baynetworks com>
X-Mailer: exmh version 2.0.2 2/24/98
To: hackers () FreeBSD ORG
Subject: GDB modifies shared libraries?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 17 Sep 1998 10:09:09 -0400
From: Robert Withrow <bwithrow () BayNetworks COM>
Sender: owner-freebsd-hackers () FreeBSD ORG
X-Loop: FreeBSD.ORG

I was debugging a (large) program using GDB on an xterm (which
prevented me from getting the exact text, as you will see).  This
is on 2.2.6-RELEASE on a P6-200 with 128M ram.  I was running as
a normal user, not root.

I issued the "run" command and GDB said that /usr/lib/libc.so.3.1
had changed and it was re-loading it.  That was followed immediately
by X freezing, and then a spontaneous re-boot.

After the system re-booted, sure enough the date on /usr/lib/libc.so.3.1
had been changed!

Now, with this program, GDB generally says that the *program* has changed
*every* time I issue the "run" command, but I thought that was just a
GDB problem.  But I don't understand how GDB can override protections
on /usr/lib/libc.so.3.1 in order to change its date.  This seems like
an OS bug.

Any fixes around?

--
Robert Withrow -- (+1 978 916 8256)
BWithrow () BayNetworks com


