Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

On Wed, Apr 30, 2008 at 10:46:29AM +0200, Martin Pitt wrote:
> Josselin Mouette [2008-04-30 10:17 +0200]:
> > This looks indeed like a reasonable alternative if we don't get the
> > noptrace group; it would be easy to patch gksu/gnome-keyring/... with
> > the same stuff.
> I agree, and given the other possible attack scenarios it doesn't make
> much sense to throw a lot of effort (with noptrace group, etc.) at it.

In that case I'm inclined to leave it alone since adding a new group to
base-passwd really ought to involve converting it to debconf, and I
haven't quite mustered the enthusiasm to take care of that yet.

That said, if you decide you want to do it, having (say) a core
PolicyKit package do 'addgroup --system noptrace' in its postinst would
be fine as an interim measure; it doesn't *have* to be a global static
group, and even if we eventually decide that we do want to turn it into
one then that's not a problem.

Colin Watson                                       [cjwatson@debian.org]
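A postinst of the shape Colin sketches, written here as an added illustration (it is not from the thread and not from any real PolicyKit package). The group name noptrace is the one proposed in the thread; the idempotency check around addgroup, the helper names and the use of getent are my own choices, made so that the script stays safe on upgrades and reconfigures:

```shell
#!/bin/sh
# Example Debian postinst fragment (added illustration, not from the thread or
# any real PolicyKit package): create the proposed 'noptrace' system group on
# "configure", idempotently, as the interim measure discussed above.
set -e

# ensure_system_group NAME
# Returns 0 if NAME exists afterwards. addgroup is skipped when the group is
# already present, so re-running the maintainer script (upgrade, reconfigure)
# does not fail or create a duplicate.
ensure_system_group() {
    name="$1"
    if getent group "$name" >/dev/null 2>&1; then
        return 0
    fi
    # --system allocates a GID from the system range (see adduser.conf) rather
    # than the user range, as suits a group no human logs in as.
    addgroup --quiet --system "$name"
}

# group_gid NAME: print the GID of NAME, failing if the group does not exist.
# Useful for checking after the fact that the group landed in the system range.
group_gid() {
    gid=$(getent group "$1" | cut -d: -f3)
    [ -n "$gid" ] && printf '%s\n' "$gid"
}

# Maintainer-script dispatch: dpkg invokes the script as
# "postinst configure [most-recently-configured-version]".
case "${1:-}" in
    configure)
        ensure_system_group noptrace
        ;;
esac
```

Making the creation step idempotent matters because dpkg runs postinst on every upgrade, and a bare `addgroup` would fail the second time and leave the package half-configured.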

