On Tue, Jun 18, 2013 at 6:59 PM, Vincent Lefevre <vinc...@vinc17.net> wrote:
> On 2013-06-18 14:22:16 -0400, Samuel Bronson wrote:
> > Allowing GDB to attach to running processes in this manner would almost
> > completely undermine the ptrace protection, though: baddies could then
> > just make gdb do their dirty work for them, especially now that we have
> > Python scripting ...
>
> Well, it's normally not possible to run GDB unless the attacker has
> shell access. And if the attacker has shell access, he can already
> do more or less anything he wants because he has full access to the
> user's files (config files, environment variable settings, etc.).
>
> The Ubuntu page mentions a remote attacker (via a compromised Firefox)
> only. At least it should be possible to be protected in such a case,
> while allowing debugging tools like gdb to work normally.

If you can invoke ptrace in a useful way, you can surely manage to start gdb...

> > So we won't be giving anyone a false sense of security this way.
>
> I don't understand what you mean here.

The point of the kernel feature is to prevent user processes from debugging
non-child processes; what you proposed would clearly bypass that.

> > (Besides which, I believe it would be a LOT of work to restructure GDB
> > to allow this without also accidentally allowing users to do evil things
> > like attaching to system daemons, writing to system files, etc.)
>
> So, you don't want users to be able to send useful bug reports
> when some process randomly freezes?

No: I simply want you to complain about this to someone who can turn that
option off again. To do this in GDB would be a lot of work, and I would
consider it to be going behind the sysadmin's back.

Also note that with /proc/sys/kernel/yama/ptrace_scope set to 0, ssh-agent
would still be quite safe. (I don't even *have* such a file and I still
can't attach to a running ssh-agent; unfortunately, it looks like gpg-agent
doesn't know that trick yet.)

> At least there's a huge lack of documentation, and this is not serious!
> Other people also wonder, e.g.:
>
> http://www.winehq.org/pipermail/wine-devel/2010-September/087056.html

That doesn't seem to have anything to do with GDB?
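Added example (my own, not from this thread or from GDB) showing the two mechanisms the reply leans on: it reads the Yama setting, then forks a child that tries PTRACE_ATTACH on its parent, a non-descendant, which is exactly what ptrace_scope=1 refuses; first after the parent has nominated that child with PR_SET_PTRACER (Yama's per-process allowance for one chosen debugger), then after prctl(PR_SET_DUMPABLE, 0), the non-dumpable mark that is the "trick" ssh-agent uses and that refuses unprivileged attach regardless of ptrace_scope. Assumes Linux and an unprivileged user; the function names are mine.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Current Yama setting, or -1 if /proc/sys/kernel/yama/ptrace_scope is absent. */
int yama_ptrace_scope(void) {
    int scope = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f) {
        if (fscanf(f, "%d", &scope) != 1) scope = -1;
        fclose(f);
    }
    return scope;
}

/* A child tries PTRACE_ATTACH on its parent, a non-descendant (the case
 * ptrace_scope=1 refuses). harden==0: parent first nominates the child via
 * PR_SET_PTRACER, Yama's per-process allowance. harden!=0: parent sets
 * PR_SET_DUMPABLE=0 (ssh-agent's trick), refused for unprivileged tracers
 * regardless of ptrace_scope. Returns 1 attached, 0 refused, -1 setup error. */
int attach_from_child(int harden) {
    int sync[2], status;
    if (pipe(sync) != 0) return -1;
    pid_t parent = getpid(), child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        char go;
        close(sync[1]);
        if (read(sync[0], &go, 1) != 1) _exit(1);  /* wait until policy is set */
        int attached = ptrace(PTRACE_ATTACH, parent, NULL, NULL) == 0;
        if (attached) {                              /* see the stop, then let go */
            waitpid(parent, NULL, 0);
            ptrace(PTRACE_DETACH, parent, NULL, NULL);
        }
        _exit(attached ? 0 : 1);
    }
    close(sync[0]);
    if (harden) prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
    else        prctl(PR_SET_PTRACER, child, 0, 0, 0);
    if (write(sync[1], "x", 1) != 1) return -1;
    close(sync[1]);
    if (waitpid(child, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {   /* run unprivileged: CAP_SYS_PTRACE bypasses both checks */
    int scope = yama_ptrace_scope(), nominated = attach_from_child(0);
    int nondump = attach_from_child(1);     /* sticky for the process: do it last */
    printf("scope %d nominated %d non-dumpable %d\n", scope, nominated, nondump);
}
```

On a stock Ubuntu kernel (ptrace_scope=1) the nominated attach is allowed and the non-dumpable one refused; with ptrace_scope=0 the second result is unchanged, which is the point made about ssh-agent above.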