[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

On Mon, Apr 28, 2008 at 12:51:48AM +0200, Thomas Viehmann wrote:
Colin Watson wrote:
I think it was my suggestion to Martin in the first place, so no, I
don't have any objection. :-) I haven't been following the thread,
though - has there been general consensus on this?

I must say that the thread did not do much to convince me.[1]

The only benefit that this has is to prevent programs from spying on
other programs run by the same user.  I don't know about you, but I
don't run arbitrary programs on my system, so if there is any process
spying on my ssh-agent, then either:

1) it came from Debian, in which case I suggest we handle that program
like micq (which had a malicious upstream); or
2) I wrote it myself, in which case I obviously designed it to do
exactly that.

So basically, the only interesting case is that Debian is shipping some
program that surreptitiously spies on other programs.  Is that the case?

I don't see how we gain any benefit by disabling ptrace.  All it
prevents me from doing is snooping on my own programs, which I might
want to do for any number of reasons (strace comes to mind).


brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: