[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

* Josselin Mouette:

> Given that it seems unlikely that we obtain another solution, should we
> start right now with that stuff? 

I think it's a bit foolish to abuse SGID bits to take away permissions.
This kind of restriction is essentially a configuration option, and
applying it to the wrong program may break tools like fakeroot.  This
information should not be stored under /usr.

There has to be a cleaner solution, such as a sysctl that, when enabled,
restricts ptrace to root.

Reply to: