mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-04-19 19:36:44 +02:00
91 lines
3.2 KiB
Diff
91 lines
3.2 KiB
Diff
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
Date: Tue, 11 Aug 2015 20:28:26 -0400
|
|
Subject: Avoid simple memory dumps via ptrace
|
|
|
|
This avoids needing to setgid gpg-agent. It probably doesn't defend
|
|
against all possible attacks, but it defends against one specific (and
|
|
easy) one. If there are other protections we should do them too.
|
|
|
|
This will make it slightly harder to debug the agent because the
|
|
normal user won't be able to attach gdb to it directly while it runs.
|
|
|
|
The remaining options for debugging are:
|
|
|
|
* launch the agent from gdb directly
|
|
* connect gdb to a running agent as the superuser
|
|
|
|
Upstream bug: https://dev.gnupg.org/T1211
|
|
---
|
|
agent/gpg-agent.c | 8 ++++++++
|
|
configure.ac | 2 +-
|
|
scd/scdaemon.c | 9 +++++++++
|
|
3 files changed, 18 insertions(+), 1 deletion(-)
|
|
|
|
Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch
|
|
|
|
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
|
|
index 412eb43..1de989b 100644
|
|
--- a/agent/gpg-agent.c
|
|
+++ b/agent/gpg-agent.c
|
|
@@ -48,6 +48,9 @@
|
|
# include <signal.h>
|
|
#endif
|
|
#include <npth.h>
|
|
+#ifdef HAVE_PRCTL
|
|
+# include <sys/prctl.h>
|
|
+#endif
|
|
|
|
#define INCLUDED_BY_MAIN_MODULE 1
|
|
#define GNUPG_COMMON_NEED_AFLOCAL
|
|
@@ -1095,6 +1098,11 @@ main (int argc, char **argv)
|
|
|
|
early_system_init ();
|
|
|
|
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
|
|
+ /* Disable ptrace on Linux without sgid bit */
|
|
+ prctl(PR_SET_DUMPABLE, 0);
|
|
+#endif
|
|
+
|
|
/* Before we do anything else we save the list of currently open
|
|
file descriptors and the signal mask. This info is required to
|
|
do the exec call properly. We don't need it on Windows. */
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 099c6a8..4c9fcee 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -1419,7 +1419,7 @@ AC_CHECK_FUNCS([atexit canonicalize_file_name clock_gettime ctermid \
|
|
ftruncate funlockfile getaddrinfo getenv getpagesize \
|
|
getpwnam getpwuid getrlimit getrusage gettimeofday \
|
|
gmtime_r inet_ntop inet_pton isascii lstat memicmp \
|
|
- memmove memrchr mmap nl_langinfo pipe raise rand \
|
|
+ memmove memrchr mmap nl_langinfo pipe prctl raise rand \
|
|
setenv setlocale setrlimit sigaction sigprocmask \
|
|
stat stpcpy strcasecmp strerror strftime stricmp \
|
|
strlwr strncasecmp strpbrk strsep strtol strtoul \
|
|
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
|
|
index e43769f..2066543 100644
|
|
--- a/scd/scdaemon.c
|
|
+++ b/scd/scdaemon.c
|
|
@@ -37,6 +37,9 @@
|
|
#include <unistd.h>
|
|
#include <signal.h>
|
|
#include <npth.h>
|
|
+#ifdef HAVE_PRCTL
|
|
+# include <sys/prctl.h>
|
|
+#endif
|
|
|
|
#define INCLUDED_BY_MAIN_MODULE 1
|
|
#define GNUPG_COMMON_NEED_AFLOCAL
|
|
@@ -462,6 +465,12 @@ main (int argc, char **argv )
|
|
const char *application_priority = NULL;
|
|
|
|
early_system_init ();
|
|
+
|
|
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
|
|
+ /* Disable ptrace on Linux without sgid bit */
|
|
+ prctl(PR_SET_DUMPABLE, 0);
|
|
+#endif
|
|
+
|
|
gpgrt_set_strusage (my_strusage);
|
|
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
|
|
/* Please note that we may running SUID(ROOT), so be very CAREFUL
|