----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/126203/ -----------------------------------------------------------
(Updated Dec. 2, 2015, 8:11 a.m.) Status ------ This change has been marked as submitted. Review request for Plasma and Tobias Berner. Changes ------- Submitted with commit 88a497e4c6b7599cf859703e25d65ba8bb2873ce by Martin Gräßlin to branch master. Repository: kscreenlocker Description ------- Setting the PR_SET_DUMPABLE flag to 0 for the security relevant command kcheckpass and kscreenlocker_greet. If one wants to gdb into the running command it will result in: ptrace: Operation not permitted. For kscreenlocker_greet ptrace is permitted in testing mode. As root it's still possible to attach to the process. --- @Tobias: I assume this is a strong linux-ism. Is there a FreeBSD compareable functionality? I'm considering to push this explicitly without an ifdef. It's a new security feature and I want to make non-Linux systems aware of the fact that it adds a new feature and that a replacement should be added. Diffs ----- CMakeLists.txt f48bd53cafc188f79e041518dae0769d57597c69 config-kscreenlocker.h.cmake 2a034dee8ec21e426bc1db1d56b0ed152d3de2ca greeter/main.cpp e4e679e7ef40b319665428281fdba5f4e0b4eb25 kcheckpass/kcheckpass.c fd2d2215bf2199f159a121bb0ce08e7b2b254aaa Diff: https://git.reviewboard.kde.org/r/126203/diff/ Testing ------- Tried to gdb into the processes: failed Tried to gdb into kscreenlocker_greet --testing: succeeded Tried to gdb into kscreenlocker_greet as root: succeeded Thanks, Martin Gräßlin
_______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
