Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()

To: debian-devel@lists.debian.org
Subject: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
From: Steve Langasek <vorlon@debian.org>
Date: Thu, 1 May 2008 00:21:34 -0700
Message-id: <[🔎] 20080501072134.GI20822@dario.dodds.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <87wsmj6ze9.fsf@mid.deneb.enyo.de>
References: <20071207181811.GA2720@piware.de> <1209286359.4588.6.camel@tomoyo> <87wsmj6ze9.fsf@mid.deneb.enyo.de>

On Sun, Apr 27, 2008 at 06:22:38PM +0200, Florian Weimer wrote:
> * Josselin Mouette:

> > Given that it seems unlikely that we obtain another solution, should we
> > start right now with that stuff? 

> I think it's a bit foolish to abuse SGID bits to take away permissions.
> This kind of restriction is essentially a configuration option, and
> applying it to the wrong program may break tools like fakeroot.  This
> information should not be stored under /usr.

> There has to be a cleaner solution, such as a sysctl that, when enabled,
> restricts ptrace to root.

... which will then be disabled on any system where a user needs to debug
any application, leaving everything vulnerable to ptrace attacks as before.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to:

Prev by Date: Re: Bug#478689: ITP: getopt -- Command-line parsing for GNU R
Next by Date: Re: Bug#478783: ITP: sequel -- Lightweight database access toolkit for Ruby
Previous by thread: Re: Bug#478689: ITP: getopt -- Command-line parsing for GNU R
Next by thread: Re: Using sgid binaries to defend against LD_PRELOAD/ptrace()
Index(es):
- Date
- Thread