On 2013-06-18 19:56:07 -0400, Samuel Bronson wrote:
> On Tue, Jun 18, 2013 at 6:59 PM, Vincent Lefevre <vinc...@vinc17.net> wrote:
> > Well, it's normally not possible to run GDB unless the attacker has
> > shell access. And if the attacker has shell access, he can already
> > do more or less anything he wants because he has full access to the
> > user's files (config files, environment variable settings, etc.).
> >
> > The Ubuntu page mentions a remote attacker (via a compromised Firefox)
> > only. At least it should be possible to be protected in such a case,
> > while allowing debugging tools like gdb to work normally.
> 
> If you can invoke ptrace in a useful way, you can surely manage to
> start gdb...

Then I don't see the real purpose of this ptrace protection feature:
an attacker would be able to do a lot of damage anyway. It seems to
do more harm (preventing the user from debugging running processes)
than to protect the user, and even more so if particular processes,
like ssh-agent, can prevent ptrace on themselves:

> > So, you don't want users to be able to send useful bug reports
> > when some process randomly freezes?
> 
> No: I simply want you to complain about this to someone who can turn
> that option off again.  To do this in GDB would be a lot of work, and
> I would consider it to be going behind the sysadmin's back.  Also note
> that with /proc/sys/kernel/yama/ptrace_scope set to 0, ssh-agent would
> still be quite safe.  (I don't even *have* such a file and I still
> can't attach to a running ssh-agent; unfortunately, it looks like
> gpg-agent doesn't know that trick yet.)
> 
> > At least there's a huge lack of documentation, and this is not serious!
> > Other people also wonder, e.g.:
> >
> >   http://www.winehq.org/pipermail/wine-devel/2010-September/087056.html
> 
> That doesn't seem to have anything to do with GDB?

No, but it mentions other programs that also use ptrace and have
the same problem as GDB. The question is how the user would make
them work and whether these programs will be modified. The answer
for GDB could be the same. It seems that there's a solution, but
this is not clear:

  http://bugs.winehq.org/show_bug.cgi?id=24193#c6

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
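The thread above talks about two separate mechanisms without showing either: the system-wide Yama knob /proc/sys/kernel/yama/ptrace_scope (which Samuel does not have at all, and which Vincent is told to set to 0), and a per-process "trick" by which a daemon such as ssh-agent refuses to be attached to. The program below is an added illustration, not code from the thread, GDB or OpenSSH. It reads the Yama setting and reports what each value means (the meanings are the ones documented in the kernel's Yama documentation), and it shows one way a process can protect itself: clearing its own dumpable flag with prctl(PR_SET_DUMPABLE, 0), after which unprivileged same-uid processes can no longer ptrace-attach to it regardless of ptrace_scope. Whether ssh-agent used exactly this mechanism is an assumption; the thread only says it "knows the trick". The code is Linux-specific and returns a sentinel elsewhere.

```c
/* Added example (not from the original thread). Linux-specific. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <errno.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Read /proc/sys/kernel/yama/ptrace_scope.
 * Returns the value 0..3, or -1 when the file does not exist
 * (kernel built without Yama, the situation Samuel describes). */
int read_ptrace_scope(void)
{
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (!f)
        return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Meaning of each Yama value, per Documentation/security/Yama.txt. */
const char *describe_ptrace_scope(int scope)
{
    switch (scope) {
    case -1: return "Yama not present: classic same-uid ptrace rules only";
    case 0:  return "classic: same-uid processes may attach (gdb -p works)";
    case 1:  return "restricted: only descendants, or a tracer named via PR_SET_PTRACER";
    case 2:  return "admin-only: attaching requires CAP_SYS_PTRACE";
    case 3:  return "no attach: PTRACE_ATTACH disabled until reboot";
    default: return "unknown value";
    }
}

/* Make the calling process non-dumpable. On Linux the ptrace access check
 * refuses PTRACE_ATTACH to a non-dumpable task unless the tracer has
 * CAP_SYS_PTRACE, so an unprivileged 'gdb -p <pid>' fails even with
 * ptrace_scope = 0. Assumption: this is one way to get the effect the
 * thread attributes to ssh-agent; the thread does not name the mechanism.
 * Returns 0 on success, -1 on error (errno set), -2 when not on Linux. */
int disable_tracing(void)
{
#ifdef __linux__
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    /* Confirm the kernel accepted it: PR_GET_DUMPABLE returns the flag. */
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
#else
    return -2;
#endif
}

int main(void)
{
    int scope = read_ptrace_scope();
    printf("ptrace_scope = %d (%s)\n", scope, describe_ptrace_scope(scope));

    int r = disable_tracing();
    if (r == 0)
        printf("this process is now non-dumpable; 'gdb -p %s' needs root\n", "<pid>");
    else if (r == -2)
        printf("not Linux: PR_SET_DUMPABLE not available\n");
    else
        printf("prctl failed: %s\n", strerror(errno));
    return 0;
}
```

Run it once, then try to attach gdb to the still-running pid from an unprivileged shell: with ptrace_scope at 0 the attach normally succeeds, but after disable_tracing() it fails with "Operation not permitted", which is the distinction Samuel draws between the system-wide knob and what ssh-agent does for itself.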

