[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

On Sat, Dec 08, 2007 at 05:01:27PM -0500, Aaron M. Ucko wrote:
> Although this is an interesting idea, I have misgivings about running
> even temporarily with any sort of extra privileges; C++ executables in
> particular may run a fair bit of code from static objects'
> constructors before main() ever starts.

There are no extra privileges; noptrace is intended to be a group that owns
no files other than the sgid binaries, can write to none of them, contains
no users, is unable to ptrace any other processes that it couldn't already,
and doesn't grant privileges to kill any processes that the user couldn't
already kill.  It's an extra group membership, but where do you see extra
privileges here?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to: