[pkg-gnupg-maint] Bug#878952: Bug#878952: scdaemon: avoid ptrace on scdaemon?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Oct 28 12:37:33 UTC 2017


Control: found 878952 2.1.18-8~deb9u1

On Wed 2017-10-25 16:46:51 +0900, NIIBE Yutaka wrote:
> Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> Package: scdaemon
>> Version: 2.2.1-2
>> Severity: normal
> [...]
>> Should we add a similar "prctl(PR_SET_DUMPABLE, 0)" to scdaemon as
>> well?
>
> I think we should.  Or else, someone might confuse as if the specific
> attack condition is somehow different for scdaemon.

It looks to me like this hardening change now works:

------------

  ### with scdaemon 2.2.1-4 ###

0 dkg@pty1:~$ strace -p $(pidof scdaemon)
strace: Process 3997 attached
pselect6(4, [3], NULL, NULL, NULL, {[], 8} <unfinished ...>) = ?
+++ exited with 2 +++
0 dkg@pty1:~$

  ### upgrade scdaemon and friends to 2.2.1-5 ###

0 dkg@pty1:~$ strace -p $(pidof scdaemon)
strace: attach: ptrace(PTRACE_SEIZE, 17081): Operation not permitted
1 dkg@pty1:~$

------------

I don't think this is security-critical enough to try to push it as a
security update -- it's hardening, and as werner likes to point out,
there are almost certainly ways around it for a motivated attacker with
sufficient control over the victim's user account.  But i do think this
might be worth trying to put into the next stable point release, along
with a few other changes.

Any objection to it going into stretch?

          --dkg
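
The before/after strace behaviour in the message above can be reproduced with a small test program. This is an added example, not part of the original message and not scdaemon code; the function names disable_dumpable and probe_attach are hypothetical, and a forked child stands in for the daemon.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Clear the dumpable flag and read it back: 0 = cleared, -1 = prctl failed. */
int disable_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Fork a stand-in daemon, optionally hardened, and try the PTRACE_SEIZE that
 * "strace -p" issues. Returns 0 if attached, ptrace's errno, or -1 on setup error. */
int probe_attach(int harden)
{
    int fds[2], result = 0;
    char ready;
    pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {                        /* child: plays the daemon */
        close(fds[0]);
        if ((harden && disable_dumpable() != 0) || write(fds[1], "r", 1) != 1)
            _exit(1);                      /* parent then sees EOF, not "r" */
        for (;;)
            pause();
    }
    close(fds[1]);
    if (read(fds[0], &ready, 1) != 1)      /* wait until the flag is in place */
        result = -1;
    else if (ptrace(PTRACE_SEIZE, pid, NULL, NULL) != 0)
        result = errno;
    close(fds[0]);
    kill(pid, SIGKILL);                    /* also ends a successful seize */
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    /* A tracer holding CAP_SYS_PTRACE (e.g. root) is not stopped by the flag. */
    printf("plain=%d hardened=%d (EPERM=%d)\n", probe_attach(0), probe_attach(1), EPERM);
    return 0;
}
```

Run it as an unprivileged user to compare the two cases; kernel settings such as Yama's ptrace_scope or a seccomp filter can also deny the attach to the unhardened child.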