Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Although this is an interesting idea, I have misgivings about running
even temporarily with any sort of extra privileges; C++ executables in
particular may run a fair bit of code from static objects'
constructors before main() ever starts.
I would counter-propose introducing some sort of ELF tag that ld could
set and the kernel and ld.so could check; while this would be more
involved, it would be less hackish and would avoid introducing new
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://firstname.lastname@example.org