Disable ptrace for kcheckpass and the greeter
Review Request #126203 - Created Nov. 30, 2015 and submitted
Setting the PR_SET_DUMPABLE flag to 0 for the security-relevant
commands kcheckpass and kscreenlocker_greet. If one wants to gdb into
the running command it will result in:
ptrace: Operation not permitted.
For kscreenlocker_greet ptrace is permitted in testing mode.
As root it's still possible to attach to the process.
@Tobias: I assume this is a strong Linux-ism. Is there comparable functionality on FreeBSD?
I'm considering pushing this explicitly without an ifdef. It's a new security feature and I want to make non-Linux systems aware of the fact that it adds a new feature and that a replacement should be added.
Tried to gdb into the processes: failed
Tried to gdb into kscreenlocker_greet --testing: succeeded
Tried to gdb into kscreenlocker_greet as root: succeeded
I think FreeBSD 10 introduced a similar interface in r277322
Though it is explicitly stated to not be a "security feature".
According to the man page of procctl
this would be PROC_TRACE_CTL with data PROC_TRACE_CTL_DISABLE.
I will have to ask someone more familiar with that.
Added a cmake check for the Linux part and added it to feature info. For other systems I suggest extending this once this review is in (sorry, I don't dare to add security-relevant code which I cannot even compile ;-) ).
Revision 2 (+28)
Thanks for spending time making this portable.
I'm unable to test this at the moment; if Tobias is around and able to submit a FreeBSD version it'd be good to integrate it into the same patch, otherwise we can just do that later.
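The mechanism discussed in this review, as an added example that is not the patch under review and not code from the project: a process drops its dumpable flag at startup unless it runs in a testing mode, with the FreeBSD `procctl` call named in the thread as the alternative branch. The function and enum names are hypothetical, and the FreeBSD branch follows procctl(2) and is not exercised on Linux.

```c
/* Added illustration; names are hypothetical, not kscreenlocker's. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/prctl.h>
#elif defined(__FreeBSD__)
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/procctl.h>
#endif

enum harden_result { HARDEN_FAILED = -1, HARDEN_OK, HARDEN_SKIPPED, HARDEN_UNSUPPORTED };

/* Refuse ptrace attach from unprivileged processes of the same user.
 * testing_mode mirrors the "--testing" exception described in the review. */
enum harden_result disable_ptrace(int testing_mode)
{
    if (testing_mode)
        return HARDEN_SKIPPED;                 /* stay debuggable */
#if defined(__linux__)
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return HARDEN_FAILED;
    /* Read the flag back so a silent no-op is caught. */
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? HARDEN_OK : HARDEN_FAILED;
#elif defined(__FreeBSD__)
    int mode = PROC_TRACE_CTL_DISABLE;
    return procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode) == 0
               ? HARDEN_OK : HARDEN_FAILED;
#else
    return HARDEN_UNSUPPORTED;                 /* caller decides how to report */
#endif
}

int main(int argc, char **argv)
{
    int testing = argc > 1 && strcmp(argv[1], "--testing") == 0;
    enum harden_result r = disable_ptrace(testing);
    if (r == HARDEN_FAILED) {
        perror("disable_ptrace");
        return 1;
    }
    printf("pid %ld, result %d; try attaching a debugger now\n", (long)getpid(), (int)r);
    pause();                                   /* wait so an attach can be attempted */
    return 0;
}
```

On Linux, clearing the dumpable flag also suppresses core dumps for the process, which matters for a program that holds password data.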