Avoid simple memory dumps via ptrace
337ae2374e79Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Avoid simple memory dumps via ptrace

This avoids needing to setgid gpg-agent. It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one. If there are other protections we should do them too.

This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.

The remaining options for debugging are:

launch the agent from gdb directly
connect gdb to a running agent as the superuser

Upstream bug: https://dev.gnupg.org/T1211

Gbp-Pq: Topic block-ptrace-on-secret-daemons
Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch

Details

Provenance

dkg	Authored on Aug 12 2015, 2:28 AM

Parents

rG591523ec94b6: Release 2.2.17

Branches

Unknown

Tags

Unknown

Event Timeline

dkg committed rG337ae2374e79: Avoid simple memory dumps via ptrace (authored by dkg).Jul 20 2019, 8:16 PM

Changes (3)

Path

Size

agent/

gpg-agent.c

configure.ac

scd/

scdaemon.c

rG337ae2374e79

View Options

agent/gpg-agent.c

View Options

configure.ac

View Options

Avoid simple memory dumps via ptrace337ae2374e79UnpublishedActions

Unpublished Commit · Learn More

Description

Details

Event Timeline

Changes (3)

rG337ae2374e79

agent/gpg-agent.c

configure.ac

scd/scdaemon.c

Avoid simple memory dumps via ptrace
337ae2374e79Unpublished
Actions