Review Request 117157: Unlock session via DBus
thomas.luebking at gmail.com
Sun Mar 30 18:32:02 BST 2014
On Sonntag, 30. März 2014 19:14:32 CEST, Thiago Macieira wrote:
> I'd never heard of Yama.
Kinda new, but it's a stock kernel feature:
>> On top of this, one could also have ksmserver
>> PTRACE_ATTACH/SEIZE itself (at
>> least on linux that used to be a singleton feature), but root access more
>> or less implies "game over" in this context (you could simply replace
>> ksmserver or the greeter app with a "fixed" variant and wait for the next
> Usually, root access and same-user access imply game-over. Which is why I
> think this feature should be allowed in.
There's actually also prctl(PR_SET_DUMPABLE, ...) that can protect against debugging (more reliable than ptracing oneself and available since 2.3.20 ... i.e. "ever") - protection against same-uid has lately been taken more seriously and the share of gdb users should be rather low.
Also, Ubuntu apparently recently set ptrace_scope to one by default (apparently caused some help requests on ubuntuforums =)
I know that Arch has had it set for a couple of months.
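
The two mechanisms named in this message, as an added example that is not part of the original post and not ksmserver code: a process clears its own dumpable flag so same-uid processes cannot ptrace-attach to it, then reads the system-wide Yama ptrace_scope. The function names are hypothetical; the scope meanings follow the kernel's Yama documentation.

```c
#include <stdio.h>
#include <sys/prctl.h>

/* Clear the dumpable flag and read it back to confirm.
 * Returns 0 when the process is now non-dumpable, -1 otherwise. */
int deny_same_uid_debugging(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Read the Yama setting: 0..3, or -1 when Yama is not built in or enabled. */
int yama_ptrace_scope(void)
{
    int scope = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &scope) != 1)
        scope = -1;
    fclose(f);
    return scope;
}

/* Human-readable meaning of a ptrace_scope value. */
const char *yama_scope_name(int scope)
{
    switch (scope) {
    case 0:  return "classic: any same-uid process may attach";
    case 1:  return "restricted: only ancestors or declared tracers";
    case 2:  return "admin-only: CAP_SYS_PTRACE required";
    case 3:  return "no attach at all";
    default: return "Yama not available";
    }
}

int main(void)
{
    int rc = deny_same_uid_debugging();
    int scope = yama_ptrace_scope();
    printf("dumpable cleared: %s\n", rc == 0 ? "yes" : "no");
    printf("ptrace_scope=%d (%s)\n", scope, yama_scope_name(scope));
    return rc == 0 ? 0 : 1;
}
```

Clearing the flag also suppresses core dumps for the process, and a tracer holding CAP_SYS_PTRACE (root) can still attach, which matches the "root access implies game over" point in the thread.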