Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
On Fri, Dec 07, 2007 at 07:18:11PM +0100, Martin Pitt wrote:
> What do you think about this approach? I'm well aware that this alone
> won't rescue desktop security (getting there is looots of more work),
> but one has to start somewhere.
I'm not particularly fussed about the race conditions involved with simply
using prctl, given that this is strictly a best-effort preventative measure,
and we can't expect it to fully protect the user anyway. As a "better than
nothing" measure, I think it's less important to aim for perfection.