D23692: kdesu: set kernel flags to prevent ptrace instead of relying on setgid
Malte Kraus
noreply at phabricator.kde.org
Tue Sep 3 10:50:54 BST 2019
maltek created this revision.
Herald added a project: Frameworks.
Herald added a subscriber: kde-frameworks-devel.
maltek requested review of this revision.
REVISION SUMMARY
So I noticed that kdesu is setgid 'nogroup'. That group is the fallback for groups from a remote NFS share that do not exist on the local machine. Since kdesu does not deal with NFS, I wanted to get rid of this (ab)use of 'nogroup'.
From all that I could gather (inline comments and a discussion on the KDE su handbook <https://docs.kde.org/trunk5/en/kde-workspace/kdesu/kdesu.pdf>), the goal of the setgid bit on the binary is not to access any file as 'nogroup', but to prevent other processes of the calling user from accessing cached passwords, e.g. through ptrace(), core dumps or /proc/<pid>/memory. While setgid is one way to achieve that, both Linux and FreeBSD allow setting a kernel flag to directly to disable such access. So I went for that.
REPOSITORY
R299 KDESu
REVISION DETAIL
https://phabricator.kde.org/D23692
AFFECTED FILES
src/client.cpp
src/client.h
src/kdesud/CMakeLists.txt
src/kdesud/kdesud.cpp
To: maltek
Cc: kde-frameworks-devel, LeGast00n, GB_2, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20190903/e7a37e1f/attachment.html>
More information about the Kde-frameworks-devel
mailing list