Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

To: debian-devel@lists.debian.org
Cc: Martin Pitt <mpitt@debian.org>
Subject: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
From: Matt Zimmerman <mdz@debian.org>
Date: Sat, 8 Dec 2007 23:39:44 +0000
Message-id: <[🔎] 20071208233944.GB6762@perseus>
Mail-followup-to: debian-devel@lists.debian.org, Martin Pitt <mpitt@debian.org>
In-reply-to: <[🔎] 20071207181811.GA2720@piware.de>
References: <[🔎] 20071207181811.GA2720@piware.de>

On Fri, Dec 07, 2007 at 07:18:11PM +0100, Martin Pitt wrote:
> What do you think about this approach? I'm well aware that this alone
> won't rescue desktop security (getting there is looots of more work),
> but one has to start somewhere.

I'm not particularly fussed about the race conditions involved with simply
using prctl, given that this is strictly a best-effort preventative measure,
and we can't expect it to fully protect the user anyway.  As a "better than
nothing" measure, I think it's less important to aim for perfection.

-- 
 - mdz

Reply to:

References:
- Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Martin Pitt <mpitt@debian.org>

Prev by Date: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Next by Date: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Previous by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Next by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Index(es):
- Date
- Thread