Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

To: debian-devel@lists.debian.org
Subject: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
From: Goswin von Brederlow <goswin-v-b@web.de>
Date: Mon, 28 Apr 2008 02:52:12 +0200
Message-id: <[🔎] 87myne94xv.fsf@frosties.localdomain>
In-reply-to: <[🔎] 20080427232304.GB18885@crustytoothpaste.ath.cx> (brian m. carlson's message of "Sun, 27 Apr 2008 23:23:04 +0000")
References: <20071207181811.GA2720@piware.de> <[🔎] 1209286359.4588.6.camel@tomoyo> <[🔎] 20080427102503.GZ16526@riva.ucam.org> <[🔎] 48150384.7090908@beamnet.de> <[🔎] 20080427232304.GB18885@crustytoothpaste.ath.cx>

"brian m. carlson" <sandals@crustytoothpaste.ath.cx> writes:

> On Mon, Apr 28, 2008 at 12:51:48AM +0200, Thomas Viehmann wrote:
> 1) it came from Debian, in which case I suggest we handle that program
> like micq (which had a malicious upstream); or
> 2) I wrote it myself, in which case I obviously designed it to do
> exactly that.

3) Some program has a security bug enabling others to run code.

For example your browser might have a faulty plugin and the next time
you use ssh-agent your ssh key and passphrase is reported back to some
malicious site.

MfG
        Goswin

Reply to:

References:
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Josselin Mouette <joss@debian.org>
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Colin Watson <cjwatson@debian.org>
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>

Prev by Date: Re: Building with -msse
Next by Date: heimdal and testing
Previous by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Next by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Index(es):
- Date
- Thread