[Differential] [Request, 26 lines] D1216: Disallow ptrace on greeter and kcheckpass process on FreeBSD

[tcberner (Tobias C. Berner)]

tcberner created this revision.
tcberner added reviewers: graesslin, rakuco.
tcberner set the repository for this revision to rKSCREENLOCKER KScreenLocker.
Herald added a project: Plasma.
Herald added a subscriber: plasma-devel.

REVISION SUMMARY
  Use FreeBSDs `procctl` to disable gdb&Co from attaching to kscreenlocker and kcheckpass.
  
  What is not so nice is that when CMake runs we get the output:
  
    -- The following features have been enabled:
     * procctl-trace , Required for disallow ptrace on greeter and kcheckpass process
    [...]
    -- The following features have been disabled:
     * prctl-dumpable , Required for disallow ptrace on greeter and kcheckpass process
  
  This should probably be unified.
  
  Also, as this will probably crop up all over the place, would it maybe be sensible to define some `enableTracing()` and `disableTracing()` functions so that this change has not have to be applied everywhere?

TEST PLAN
  Testing done:
  
    % gdb --pid <pid of kscreenlocker with --testing>
    Result
        successfully attached
    
    # gdb --pid <pid of kscreenlocker>
    Result
        successfully attached
    
    % gdb --pid <pid of kscreenlocker>
    Result
        Attaching to process <pid of kscreenlocker>
        ptrace: Operation not permitted.

REPOSITORY
  rKSCREENLOCKER KScreenLocker

REVISION DETAIL
  https://phabricator.kde.org/D1216

AFFECTED FILES
  CMakeLists.txt
  config-kscreenlocker.h.cmake
  greeter/main.cpp
  kcheckpass/kcheckpass.c

EMAIL PREFERENCES
  https://phabricator.kde.org/settings/panel/emailpreferences/

To: tcberner, graesslin, rakuco
Cc: plasma-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20160324/4fe9b6f5/attachment.html>