sitter added a comment.

  Maybe I am missing something here but wouldn't this allow any application to 
get ptrace access?
  
  e.g. if a malicious program watches /tmp/kcrash_*, then writes its own pid to 
a new socket before kcrash writes the debugger's... now the malicious program 
has ptrace access.
  
  I also think *printf isn't safe to call in a signal handler. Not sure about 
atoi.

REPOSITORY
  R285 KCrash

REVISION DETAIL
  https://phabricator.kde.org/D11236

To: croick, #frameworks
Cc: sitter, michaelh, ngraham
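
The async-signal-safety point raised in the comment above, as an added example (not KCrash code and not part of the review): POSIX does not list the printf family or atoi among the async-signal-safe functions, so a crash handler that must send or read a pid can do the conversion with plain arithmetic and write(2). The names `pid_to_dec` and `dec_to_pid` are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example; helper names are hypothetical, not from KCrash.
 * Format a non-negative pid as decimal without stdio.
 * Returns the number of characters written (no NUL), or 0 on error. */
static size_t pid_to_dec(pid_t pid, char *buf, size_t cap)
{
    char tmp[3 * sizeof(long) + 1];   /* enough digits for any long */
    size_t n = 0;
    long v = (long)pid;
    if (v < 0)
        return 0;
    do {
        tmp[n++] = (char)('0' + v % 10);   /* digits come out reversed */
        v /= 10;
    } while (v > 0);
    if (n > cap)
        return 0;
    for (size_t i = 0; i < n; i++)
        buf[i] = tmp[n - 1 - i];
    return n;
}

/* Parse exactly len decimal digits. Unlike atoi, this rejects empty
 * input, non-digit bytes and overflow. Returns -1 on any error. */
static pid_t dec_to_pid(const char *s, size_t len)
{
    long v = 0;
    if (len == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        if (v > (INT_MAX - (s[i] - '0')) / 10)   /* would exceed INT_MAX */
            return -1;
        v = v * 10 + (s[i] - '0');
    }
    return (pid_t)v;
}

int main(void)
{
    char buf[32];
    size_t n = pid_to_dec(getpid(), buf, sizeof buf);
    if (write(STDOUT_FILENO, buf, n) < 0)   /* write(2) is async-signal-safe */
        return 1;
    return dec_to_pid(buf, n) == getpid() ? 0 : 1;
}
```

This only addresses the signal-handler concern; it does nothing about which process is allowed to supply the pid.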
