Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Colin Watson <firstname.lastname@example.org> writes:
> On Sun, Apr 27, 2008 at 12:56:28PM +0200, Goswin von Brederlow wrote:
>> No idea how to prevent LD_PRELOAD and people could always use their
>> own linker to ignore the sgid bit anyway.
> If they want to deliberately start a program with reduced protection and
> then type their password into it, then that's their (foolish) choice.
> The point of this is so that processes started in good faith can't have
> their memory inspected so easily later on.
So it is their own fault if they set LD_PRELOAD to something that will
steal passwords. :)