
Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

On Friday, 7 December 2007 at 19:18 +0100, Martin Pitt wrote:
> Hi all,
> one thing that has bothered me for a long time already is the
> complete lack of a security boundary between processes of the same
> user. Things like LD_PRELOAD and ptrace() (IOW, gdb) are enabled by
> default for all users, and especially for developers this is a good
> thing.
> However, a lot of programs that we have deal with passwords and other
> secrets which deserve some protection, like passwords you type into
> ssh, screensavers, seahorse, etc.

> One easy solution that comes to my mind is to install those affected
> programs setgid, and drop the additional group immediately after
> program start with setgid(getgid()). For this we should introduce a
> new static group into base-passwd, like "noptrace", to not abuse
> existing groups and not confuse auditing tools.

Given that it seems unlikely that we obtain another solution, should we
start right now with that stuff? 

Colin, as base-passwd maintainer, do you have anything against creating
such a group?

: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.
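
The group drop proposed in the quoted message, as an added example that is not code from this thread. It assumes Linux with glibc, and the function names are hypothetical. It uses setregid() instead of the setgid(getgid()) named in the message, because for an unprivileged process setgid() changes only the effective GID and leaves the saved set-group-ID holding the extra group.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/auxv.h>
#include <sys/prctl.h>

/* Hypothetical helper: permanently drop the group gained from the setgid
 * bit. Returns 0 once the process runs with its real GID and cannot get
 * the extra group back, -1 otherwise. */
int drop_sgid_group(void)
{
    gid_t real = getgid();
    gid_t extra = getegid();   /* group granted by the setgid bit, if any */

    /* Passing an explicit real GID makes setregid() reset the saved
     * set-group-ID as well as the effective GID. */
    if (setregid(real, real) != 0)
        return -1;
    /* Verify the drop: regaining the old group must now fail. */
    if (extra != real && setegid(extra) == 0)
        return -1;
    return (getegid() == real) ? 0 : -1;
}

/* 1 if the loader started this process in secure-execution mode, which
 * is the mode in which it restricts LD_PRELOAD; 0 otherwise. */
int started_secure(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Dumpable flag: 1 is the default for ordinary processes; 0 means an
 * unprivileged ptrace attach from the same user is refused. */
int dumpable_flag(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

int main(void)
{
    int secure = started_secure();   /* read before changing credentials */

    if (drop_sgid_group() != 0) {
        fprintf(stderr, "could not drop the setgid group\n");
        return 1;
    }
    printf("AT_SECURE=%d dumpable=%d egid=%d\n",
           secure, dumpable_flag(), (int)getegid());
    return 0;
}
```

Built normally and run as an ordinary binary it reports AT_SECURE=0 and dumpable=1; the values a setgid installation produces depend on the kernel's suid_dumpable setting.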

Attachment: signature.asc
Description: This is a digitally signed message part
