D11236: [KCrash] Establish socket to allow change of ptrace scope
Harald Sitter
noreply at phabricator.kde.org
Tue Apr 3 11:43:12 UTC 2018
sitter added a comment.
Maybe I am missing something here but wouldn't this allow any application to get ptrace access?
e.g. if a malicious program watches /tmp/kcrash_*, then writes its own pid to a new socket before kcrash writes the debugger's... now the malicious program has ptrace access.
I also think *printf isn't save to call in a signal handler. Not sure about atoi.
REPOSITORY
R285 KCrash
REVISION DETAIL
https://phabricator.kde.org/D11236
To: croick, #frameworks
Cc: sitter, michaelh, ngraham
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180403/d8d49389/attachment.html>
More information about the Kde-frameworks-devel
mailing list