On Sun, Apr 27, 2008 at 10:52:38AM +0200, Josselin Mouette wrote: > Le vendredi 07 décembre 2007 à 19:18 +0100, Martin Pitt a écrit : > > one thing that has bothered me for a long time already is the > > complete lack of a security boundary between processes of the same > > user. Things like LD_PRELOAD and ptrace() (IOW, gdb) are enabled by > > default for all users, and especially for developers this is a good > > thing. > > > > However, a lot of programs that we have deal with passwords and other > > secrets which deserve some protection, like passwords you type into > > ssh, screensavers, seahorse, etc. > > > One easy solution that comes to my mind is to install those affected > > programs setgid, and drop the additional group immediately after > > program start with setgid(getgid()). For this we should introduce a > > new static group into base-passwd, like "noptrace", to not abuse > > existing groups and not confuse auditing tools. > > Given that it seems unlikely that we obtain another solution, should we > start right now with that stuff? > > Colin, as base-passwd maintainer, do you have anything against creating > such a group?
I think it was my suggestion to Martin in the first place, so no, I don't have any objection. :-) I haven't been following the thread, though - has there been general consensus on this? -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
