Bug#878952: [pkg-gnupg-maint] Bug#878952: scdaemon: avoid ptrace on scdaemon?

2017-10-28 Thread Daniel Kahn Gillmor
Control: found 878952 2.1.18-8~deb9u1

On Wed 2017-10-25 16:46:51 +0900, NIIBE Yutaka wrote:
> Daniel Kahn Gillmor  wrote:
>> Package: scdaemon
>> Version: 2.2.1-2
>> Severity: normal
> [...]
>> Should we add a similar "prctl(PR_SET_DUMPABLE, 0)" to scdaemon as
>> well?
>
> I think we should.  Or else, someone might confuse as if the specific
> attack condition is somehow different for scdaemon.

It looks to me like this hardening change now works:



  ### with scdaemon 2.2.1-4 ###

0 dkg@pty1:~$ strace -p $(pidof scdaemon)
strace: Process 3997 attached
pselect6(4, [3], NULL, NULL, NULL, {[], 8} ) = ?
+++ exited with 2 +++
0 dkg@pty1:~$

  ### upgrade scdaemon and friends to 2.2.1-5 ###

0 dkg@pty1:~$ strace -p $(pidof scdaemon)
strace: attach: ptrace(PTRACE_SEIZE, 17081): Operation not permitted
1 dkg@pty1:~$



I don't think this is security-critical enough to try to push it as a
security update -- it's hardening, and as werner likes to point out,
there are almost certainly ways around it for a motivated attacker with
sufficient control over the victim's user account.  But i do think this
might be worth trying to put into the next stable point release, along
with a few other changes.

Any objection to it going into stretch?

  --dkg
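
Added example (not part of this thread, and not GnuPG or Debian code): a small Linux C program that reproduces the before/after check from the strace session above by letting a same-uid child try PTRACE_SEIZE on the process before and after prctl(PR_SET_DUMPABLE, 0). The function names are made up for this illustration.

```c
/* Added illustration, Linux only; helper names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark the calling process non-dumpable. Returns the resulting
 * PR_GET_DUMPABLE value (0 when hardened) or -1 if prctl() failed. */
int harden_against_ptrace(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Fork a same-uid child that tries to PTRACE_SEIZE this process.
 * Returns 0 if the attach worked, the child's errno if it was refused,
 * or -1 if the attempt could not be made. */
int seize_parent_errno(void)
{
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        long rc = ptrace(PTRACE_SEIZE, getppid(), NULL, NULL);
        _exit(rc == 0 ? 0 : errno); /* tracer exit detaches the tracee */
    }
    int status;
    if (waitpid(child, &status, 0) != child || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int e = seize_parent_errno(); /* may already fail if Yama ptrace_scope > 0 */
    printf("before: %s\n", e == 0 ? "attached" : e > 0 ? strerror(e) : "n/a");
    if (harden_against_ptrace() != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return 1;
    }
    e = seize_parent_errno();
    printf("after:  %s\n", e == 0 ? "attached" : e > 0 ? strerror(e) : "n/a");
    return 0;
}
```

A tracer holding CAP_SYS_PTRACE (for example root) is not stopped by the dumpable flag, so the "after" line is only expected to show "Operation not permitted" for an unprivileged same-uid tracer.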




Bug#878952: [pkg-gnupg-maint] Bug#878952: scdaemon: avoid ptrace on scdaemon?

2017-10-27 Thread Daniel Kahn Gillmor
Control: tags 878952 + confirmed pending

On Wed 2017-10-25 16:46:51 +0900, NIIBE Yutaka wrote:
> Daniel Kahn Gillmor  wrote:
>> Package: scdaemon
>> Version: 2.2.1-2
>> Severity: normal
> [...]
>> Should we add a similar "prctl(PR_SET_DUMPABLE, 0)" to scdaemon as
>> well?
>
> I think we should.  Or else, someone might confuse as if the specific
> attack condition is somehow different for scdaemon.

Thanks for the confirmation, i'll look into making this change shortly.

   --dkg




Bug#878952: [pkg-gnupg-maint] Bug#878952: scdaemon: avoid ptrace on scdaemon?

2017-10-25 Thread NIIBE Yutaka
Daniel Kahn Gillmor  wrote:
> Package: scdaemon
> Version: 2.2.1-2
> Severity: normal
[...]
> Should we add a similar "prctl(PR_SET_DUMPABLE, 0)" to scdaemon as
> well?

I think we should.  Or else, someone might confuse as if the specific
attack condition is somehow different for scdaemon.
--