
Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

On Fri, Dec 07, 2007 at 07:18:11PM +0100, Martin Pitt wrote:
> What do you think about this approach? I'm well aware that this alone
> won't rescue desktop security (getting there is looots of more work),
> but one has to start somewhere.

I'm not particularly fussed about the race conditions involved with simply
using prctl, given that this is strictly a best-effort preventative measure,
and we can't expect it to fully protect the user anyway.  As a "better than
nothing" measure, I think it's less important to aim for perfection.

 - mdz
