projects / gnupg2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 801d1d6) | patch
Avoid simple memory dumps via ptrace
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Wed, 12 Aug 2015 00:28:26 +0000 (20:28 -0400)
committerPeter Michael Green <plugwash@raspbian.org>
Wed, 25 Jul 2018 10:25:32 +0000 (11:25 +0100)
commita3d18cdcf53a8779025913180afd4103b3a2781a
tree196c1258edd7f0a2fc17098778a947bd8b0b1684tree | snapshot
parent801d1d69fc2998c0591e3d15ba042dcfd87e497ecommit | diff
Avoid simple memory dumps via ptrace

This avoids needing to setgid gpg-agent.  It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one.  If there are other protections we should do them too.

This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.

The remaining options for debugging are:

 * launch the agent from gdb directly
 * connect gdb to a running agent as the superuser

Upstream bug: https://dev.gnupg.org/T1211

Gbp-Pq: Topic block-ptrace-on-secret-daemons
Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch
agent/gpg-agent.c diff | blob | history
configure.ac diff | blob | history
scd/scdaemon.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.