[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

Colin Watson <cjwatson@debian.org> writes:

> On Sun, Apr 27, 2008 at 12:56:28PM +0200, Goswin von Brederlow wrote:
>> No idea how to prevent LD_PRELOAD and people could always use their
>> own linker to ignore the sgid bit anyway.
> If they want to deliberately start a program with reduced protection and
> then type their password into it, then that's their (foolish) choice.
> The point of this is so that processes started in good faith can't have
> their memory inspected so easily later on.

So it is their own fault if they set LD_PRELOAD to something that will
steal passwords. :)


Reply to: