Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

To: debian-devel@lists.debian.org
Subject: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 27 Apr 2008 18:22:38 +0200
Message-id: <[🔎] 87wsmj6ze9.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 1209286359.4588.6.camel@tomoyo> (Josselin Mouette's message of "Sun, 27 Apr 2008 10:52:38 +0200")
References: <20071207181811.GA2720@piware.de> <[🔎] 1209286359.4588.6.camel@tomoyo>

* Josselin Mouette:

> Given that it seems unlikely that we obtain another solution, should we
> start right now with that stuff? 

I think it's a bit foolish to abuse SGID bits to take away permissions.
This kind of restriction is essentially a configuration option, and
applying it to the wrong program may break tools like fakeroot.  This
information should not be stored under /usr.

There has to be a cleaner solution, such as a sysctl that, when enabled,
restricts ptrace to root.

Reply to:

References:
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Josselin Mouette <joss@debian.org>

Prev by Date: Re: Building with -msse
Next by Date: ITP: ffmpegthumbnailer -- fast and lightweight video thumbnailer
Previous by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Next by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Index(es):
- Date
- Thread