Control: found 878952 2.1.18-8~deb9u1 On Wed 2017-10-25 16:46:51 +0900, NIIBE Yutaka wrote: > Daniel Kahn Gillmor <[email protected]> wrote: >> Package: scdaemon >> Version: 2.2.1-2 >> Severity: normal > [...] >> Should we add a similar "prctl(PR_SET_DUMPABLE, 0)" to scdaemon as >> well? > > I think we should. Or else, someone might confuse as if the specific > attack condition is somehow different for scdaemon.
It looks to me like this hardening change now works:
------------
### with scdaemon 2.2.1-4 ###
0 dkg@pty1:~$ strace -p $(pidof scdaemon)
strace: Process 3997 attached
pselect6(4, [3], NULL, NULL, NULL, {[], 8} <unfinished ...>) = ?
+++ exited with 2 +++
0 dkg@pty1:~$
### upgrade scdaemon and friends to 2.2.1-5 ###
0 dkg@pty1:~$ strace -p $(pidof scdaemon)
strace: attach: ptrace(PTRACE_SEIZE, 17081): Operation not permitted
1 dkg@pty1:~$
------------
I don't think this is security-critical enough to try to push it as a
security update -- it's hardening, and as werner likes to point out,
there are almost certainly ways around it for a motivated attacker with
sufficient control over the victim's user account. But i do think this
might be worth trying to put into the next stable point release, along
with a few other changes.
Any objection to it going into stretch?
--dkg
signature.asc
Description: PGP signature

