Another way that a distro can mitigate this (and other) attacks on a
user process like gpg-agent is by installing it with the setgid bit
set. The Linux kernel will prevent ptrace attacks on such a process in
a race free manner.

for example, ssh-agent already does exactly this:
ian@draal~ [i]> ls -l /usr/bin/ssh-agent
-rwxr-sr-x 1 root ssh 350232 Mar 23 11:32 /usr/bin/ssh-agent*


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to