diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2015-08-12 00:28:26 +0000 |
|---|---|---|
| committer | Daniel Kahn Gillmor <[email protected]> | 2019-07-20 18:16:19 +0000 |
| commit | 337ae2374e793fb8722128abee6ad7e4cec87ae7 (patch) | |
| tree | 908150469b59ffff5a2f256690b2c0534ceec505 /scd/scdaemon.c | |
| parent | Release 2.2.17 (diff) | |
| download | gnupg-337ae2374e793fb8722128abee6ad7e4cec87ae7.tar.gz gnupg-337ae2374e793fb8722128abee6ad7e4cec87ae7.zip | |
Avoid simple memory dumps via ptrace
This avoids needing to setgid gpg-agent. It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one. If there are other protections we should do them too.
This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.
The remaining options for debugging are:
* launch the agent from gdb directly
* connect gdb to a running agent as the superuser
Upstream bug: https://dev.gnupg.org/T1211
Gbp-Pq: Topic block-ptrace-on-secret-daemons
Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch
Diffstat (limited to '')
| -rw-r--r-- | scd/scdaemon.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 8cbd0ee08..ff343aa7b 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -36,6 +36,9 @@ #include <unistd.h> #include <signal.h> #include <npth.h> +#ifdef HAVE_PRCTL +# include <sys/prctl.h> +#endif #define GNUPG_COMMON_NEED_AFLOCAL #include "scdaemon.h" @@ -443,6 +446,12 @@ main (int argc, char **argv ) npth_t pipecon_handler; early_system_init (); + +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* Disable ptrace on Linux without sgid bit */ + prctl(PR_SET_DUMPABLE, 0); +#endif + set_strusage (my_strusage); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); /* Please note that we may running SUID(ROOT), so be very CAREFUL |