[Pkg-gnupg-commit] [gnupg2] 01/02: block trivial access to scdaemon memory (Closes: #878952)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Oct 28 13:33:52 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch stretch
in repository gnupg2.
commit aa378e9cbdcc5a8ece8e48d020c7456a57b4105c
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sat Oct 28 15:13:13 2017 +0200
block trivial access to scdaemon memory (Closes: #878952)
---
...0002-Avoid-simple-memory-dumps-via-ptrace.patch | 50 +++++++++++++++++-----
debian/patches/series | 2 +-
2 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/debian/patches/block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch b/debian/patches/block-ptrace-on-sensitive-daemons/0002-Avoid-simple-memory-dumps-via-ptrace.patch
similarity index 54%
rename from debian/patches/block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch
rename to debian/patches/block-ptrace-on-sensitive-daemons/0002-Avoid-simple-memory-dumps-via-ptrace.patch
index 96a8e0d..1530f32 100644
--- a/debian/patches/block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch
+++ b/debian/patches/block-ptrace-on-sensitive-daemons/0002-Avoid-simple-memory-dumps-via-ptrace.patch
@@ -2,26 +2,29 @@ From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue, 11 Aug 2015 20:28:26 -0400
Subject: Avoid simple memory dumps via ptrace
-This avoids needing to setgid gpg-agent. It probably doesn't defend
-against all possible attacks, but it defends against one specific (and
-easy) one. If there are other protections we should do them too.
+This avoids needing to setgid gpg-agent or scdaemon. It probably
+doesn't defend against all possible attacks, but it defends against
+one specific (and easy) one. If there are other protections we should
+do them too.
-This will make it slightly harder to debug the agent because the
-normal user won't be able to attach gdb to it directly while it runs.
+This will make it slightly harder to debug the agent or scdaemon
+because the normal user won't be able to attach gdb to it directly
+while it runs.
The remaining options for debugging are:
- * launch the agent from gdb directly
- * connect gdb to a running agent as the superuser
+ * launch gpg-agent or scdaemon from gdb directly
+ * connect gdb to a running gpg-agent or scdaemon as the superuser
Upstream bug: https://bugs.gnupg.org/gnupg/issue1211
---
agent/gpg-agent.c | 8 ++++++++
configure.ac | 1 +
- 2 files changed, 9 insertions(+)
+ scd/scdaemon.c | 9 +++++++++
+ 3 files changed, 18 insertions(+)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index c0208cc88..31bf3370a 100644
+index c0208cc..31bf337 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -48,6 +48,9 @@
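Review bot: The rewritten "slightly harder to debug" paragraph in the patch description still names gdb attachment as the only cost, but the call this patch adds is prctl(PR_SET_DUMPABLE, 0), which also stops the kernel from writing core dumps for the process. Suggest adding that to the list of debugging consequences, so that someone investigating a gpg-agent or scdaemon crash does not go looking for a core file. The header could also mention #878952 from the commit subject next to the upstream bug link, since that report is what motivated extending the patch to scdaemon.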
@@ -47,7 +50,7 @@ index c0208cc88..31bf3370a 100644
file descriptors and the signal mask. This info is required to
do the exec call properly. We don't need it on Windows. */
diff --git a/configure.ac b/configure.ac
-index f929cb60f..f2b6a70d2 100644
+index f929cb6..f2b6a70 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1335,6 +1335,7 @@ AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap canonicalize_file_name])
@@ -58,3 +61,30 @@ index f929cb60f..f2b6a70d2 100644
AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])
+diff --git a/scd/scdaemon.c b/scd/scdaemon.c
+index 74fed44..4d011c4 100644
+--- a/scd/scdaemon.c
++++ b/scd/scdaemon.c
+@@ -36,6 +36,9 @@
+ #include <unistd.h>
+ #include <signal.h>
+ #include <npth.h>
++#ifdef HAVE_PRCTL
++# include <sys/prctl.h>
++#endif
+
+ #define GNUPG_COMMON_NEED_AFLOCAL
+ #include "scdaemon.h"
+@@ -409,6 +412,12 @@ main (int argc, char **argv )
+ npth_t pipecon_handler;
+
+ early_system_init ();
++
++#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
++ /* Disable ptrace on Linux without sgid bit */
++ prctl(PR_SET_DUMPABLE, 0);
++#endif
++
+ set_strusage (my_strusage);
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ /* Please note that we may running SUID(ROOT), so be very CAREFUL
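Review bot: The result of prctl(PR_SET_DUMPABLE, 0) in the main() hunk of scd/scdaemon.c is discarded, so if the call fails scdaemon keeps running in a dumpable state and nothing records that the protection is absent. Suggest checking the return value and emitting a warning on failure. The comment "Disable ptrace on Linux without sgid bit" could also say what is being protected (the daemon's memory against a same-user ptrace attach), so the call is not removed later as unexplained.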
diff --git a/debian/patches/series b/debian/patches/series
index 4ec24b8..17770ee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,5 @@
debian-packaging/0001-avoid-beta-warning.patch
-block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch
+block-ptrace-on-sensitive-daemons/0002-Avoid-simple-memory-dumps-via-ptrace.patch
debian-packaging/0003-avoid-regenerating-defsincdate-use-shipped-file.patch
dirmngr-idling/0001-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
dirmngr-idling/0002-dimrngr-Avoid-need-for-hkp-housekeeping.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git