Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
* Josselin Mouette:
> Given that it seems unlikely that we obtain another solution, should we
> start right now with that stuff?
I think it's a bit foolish to abuse SGID bits to take away permissions.
This kind of restriction is essentially a configuration option, and
applying it to the wrong program may break tools like fakeroot. This
information should not be stored under /usr.
There has to be a cleaner solution, such as a sysctl that, when enabled,
restricts ptrace to root.
Reply to: