Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

To: Goswin von Brederlow <goswin-v-b@web.de>
Cc: Josselin Mouette <joss@debian.org>, debian-devel@lists.debian.org, Martin Pitt <mpitt@debian.org>
Subject: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
From: Goswin von Brederlow <goswin-v-b@web.de>
Date: Sun, 27 Apr 2008 16:39:52 +0200
Message-id: <[🔎] 87k5ijnyyv.fsf@frosties.localdomain>
In-reply-to: <[🔎] 20080427121928.GB16526@riva.ucam.org> (Colin Watson's message of "Sun, 27 Apr 2008 13:19:28 +0100")
References: <20071207181811.GA2720@piware.de> <[🔎] 1209286359.4588.6.camel@tomoyo> <[🔎] 87od7vo9b7.fsf@frosties.localdomain> <[🔎] 20080427121928.GB16526@riva.ucam.org>

Colin Watson <cjwatson@debian.org> writes:

> On Sun, Apr 27, 2008 at 12:56:28PM +0200, Goswin von Brederlow wrote:
>> No idea how to prevent LD_PRELOAD and people could always use their
>> own linker to ignore the sgid bit anyway.
>
> If they want to deliberately start a program with reduced protection and
> then type their password into it, then that's their (foolish) choice.
> The point of this is so that processes started in good faith can't have
> their memory inspected so easily later on.

So it is their own fault if they set LD_PRELOAD to something that will
steal passwords. :)

MfG
        Goswin

Reply to:

References:
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Josselin Mouette <joss@debian.org>
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Building with -msse
Next by Date: Re: Building with -msse
Previous by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Next by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Index(es):
- Date
- Thread