[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()



On Wed, Apr 30, 2008 at 10:46:29AM +0200, Martin Pitt wrote:
> Josselin Mouette [2008-04-30 10:17 +0200]:
> > This looks indeed like a reasonable alternative if we don't get the
> > noptrace group ; it would be easy to patch gksu/gnome-keyring/... with
> > the same stuff.
> 
> I agree, and give the other possible attack scenarios it doesn't make
> much sense to throw a lot of effort (with noptrace group, etc.) at it.

In that case I'm inclined to leave it alone since adding a new group to
base-passwd really ought to involve converting it to debconf, and I
haven't quite mustered the enthusiasm to take care of that yet.

That said, if you decide you want to do it, having (say) a core
PolicyKit package do 'addgroup --system noptrace' in its postinst would
be fine as an interim measure; it doesn't *have* to be a global static
group, and even if we eventually decide that we do want to turn it into
one then that's not a problem.

-- 
Colin Watson                                       [cjwatson@debian.org]


Reply to: