projects / gnupg2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b9cb38c) | patch
Avoid simple memory dumps via ptrace
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Wed, 12 Aug 2015 00:28:26 +0000 (20:28 -0400)
committerPeter Michael Green <plugwash@raspbian.org>
Thu, 20 Dec 2018 15:10:42 +0000 (15:10 +0000)
commitca8b691a3c7ff15ffd92aa53d525e8411534de49
tree2c004aec308988b8bf35ca2e3c6c37a35e9d949atree | snapshot
parentb9cb38cf9f76b7b73b6b24fe40aed6ef26f2450ecommit | diff
Avoid simple memory dumps via ptrace

This avoids needing to setgid gpg-agent.  It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one.  If there are other protections we should do them too.

This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.

The remaining options for debugging are:

 * launch the agent from gdb directly
 * connect gdb to a running agent as the superuser

Upstream bug: https://dev.gnupg.org/T1211

Gbp-Pq: Topic block-ptrace-on-secret-daemons
Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch
agent/gpg-agent.c diff | blob | history
configure.ac diff | blob | history
scd/scdaemon.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.