Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

To: debian-devel@lists.debian.org
Subject: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Date: Sun, 9 Dec 2007 02:06:32 +0100
Message-id: <[🔎] 20071209010632.GA22784@uio.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20071207181811.GA2720@piware.de>
References: <[🔎] 20071207181811.GA2720@piware.de>

On Fri, Dec 07, 2007 at 07:18:11PM +0100, Martin Pitt wrote:
> However, a lot of programs that we have deal with passwords and other
> secrets which deserve some protection, like passwords you type into
> ssh, screensavers, seahorse, etc.

While I sort of like the idea, I must admit that if I couldn't debug various
programs without being root on a system, I would get rather mad at times.
strace, in particular, is an extremely useful debugging tool when a program
doesn't have verbose enough logging, and having such a mechanism without a
way to turn it off (short of creating your own binary, I guess?) would be
quite a pain.

FWIW, in Windows you need to be part of the "Debugger Users" group to debug
anything, which means in practice that most developers run as administrator
all the time (which means that a lot of software is only ever tested as
administrator and thus doesn't run without administrator privileges :-) ).

/* Steinar */
-- 
Homepage: http://www.sesse.net/

Reply to:

References:
- Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Martin Pitt <mpitt@debian.org>

Prev by Date: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Next by Date: Veja o caso de Abaitetuba
Previous by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Next by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Index(es):
- Date
- Thread