diff --git a/src/client.h b/src/client.h
--- a/src/client.h
+++ b/src/client.h
@@ -28,15 +28,12 @@
 *
 * @li For high security passwords, like for su and ssh, it executes the
 * password requesting command for you. It feeds the password to the
- * command, without ever returning it to you, the user. The daemon should
- * be installed setgid nogroup, in order to be able to act as an inaccessible,
- * trusted 3rd party.
+ * command, without ever returning it to you, the user.
 * See exec, setPass, delCommand.
 *
 * @li For lower security passwords, like web and ftp passwords, it can act
 * as a persistent storage for string variables. These variables are
- * returned to the user, and the daemon doesn't need to be setgid nogroup
- * for this.
+ * returned to the user.
 * See setVar, delVar, delGroup.
 */
@@ -184,11 +181,6 @@
 */
 int startServer();
- /**
- * Returns true if the server is safe (installed setgid), false otherwise.
- */
- bool isServerSGID();
-
 private:
 int connect();
diff --git a/src/client.cpp b/src/client.cpp
--- a/src/client.cpp
+++ b/src/client.cpp
@@ -388,23 +388,6 @@
 return daemon;
 }
-bool KDEsuClient::isServerSGID()
-{
- if (d->daemon.isEmpty()) {
- d->daemon = findDaemon();
- }
- if (d->daemon.isEmpty()) {
- return false;
- }
-
- QT_STATBUF sbuf;
- if (QT_STAT(QFile::encodeName(d->daemon).constData(), &sbuf) < 0) {
- qWarning() << "[" << __FILE__ << ":" << __LINE__ << "] " << "stat():" << strerror(errno);
- return false;
- }
- return (sbuf.st_mode & S_ISGID);
-}
-
 int KDEsuClient::startServer()
 {
 if (d->daemon.isEmpty()) {
@@ -414,10 +397,6 @@
 return -1;
 }
- if (!isServerSGID()) {
- qWarning() << "[" << __FILE__ << ":" << __LINE__ << "] " << "kdesud not setgid!";
- }
-
 // kdesud only forks to the background after it is accepting
 // connections.
 // We start it via kdeinit to make sure that it doesn't inherit
diff --git a/src/kdesud/CMakeLists.txt b/src/kdesud/CMakeLists.txt
--- a/src/kdesud/CMakeLists.txt
+++ b/src/kdesud/CMakeLists.txt
@@ -28,8 +28,4 @@
 ########### install files ###############
 install(TARGETS kdesud DESTINATION ${KDE_INSTALL_LIBEXECDIR_KF5})
-install(CODE "
- set(KDESUD_PATH \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LIBEXECDIR_KF5}/kdesud\")
- execute_process(COMMAND sh -c \"chgrp nogroup '\${KDESUD_PATH}' && chmod g+s '\${KDESUD_PATH}'\")
-")
diff --git a/src/kdesud/kdesud.cpp b/src/kdesud/kdesud.cpp
--- a/src/kdesud/kdesud.cpp
+++ b/src/kdesud/kdesud.cpp
@@ -78,6 +78,12 @@
 #include
 #endif
+#ifdef __FreeBSD__
+#include
+#else
+#include
+#endif
+
 #ifndef SUN_LEN
 #define SUN_LEN(ptr) ((socklen_t) \
 (offsetof(struct sockaddr_un, sun_path) + strlen ((ptr)->sun_path)))
@@ -260,6 +266,20 @@
 guard.reset();
 return sockfd;
 }
+/* The daemon stores passwords, which we don't want any other process to be able to read. */
+static void prevent_tracing()
+{
+ int r;
+#ifdef PR_SET_DUMPABLE
+ r = prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
+#elif defined(PROC_TRACE_CTL)
+ int disable = PROC_TRACE_CTL_DISABLE_EXEC;
+ r = procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable);
+#endif
+ if (r == -1) {
+ qWarning() << "[" << __FILE__ << ":" << __LINE__ << "] " << "failed to prevent process memory from being read" << strerror(errno) << "\n";
+ }
+}
 /**
@@ -268,6 +288,8 @@
 int main(int argc, char *argv[])
 {
+ prevent_tracing();
+
 QCoreApplication app(argc, argv);
 KAboutData aboutData(
 QStringLiteral("kdesud") /* componentName */,
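Review bot: `int r;` in prevent_tracing() stays uninitialized when neither PR_SET_DUMPABLE nor PROC_TRACE_CTL is defined, so the `if (r == -1)` test reads an indeterminate value and on such a platform the daemon silently runs with no tracing protection at all; write `int r = 0;` and add an `#else` branch that emits the same qWarning so the missing protection is at least logged. Since this call presumably replaces the tracing protection the setgid install used to provide (the chgrp/chmod install step and the isServerSGID() check are removed in the other hunks), consider whether a failed prctl()/procctl() should be fatal rather than a warning, because a warning leaves the password store readable by any process the platform's ptrace policy allows to attach. The trailing `<< "\n"` is inconsistent with the other qWarning calls in these files, which rely on qWarning's own newline. The added comment could also state that this does not defend against root or CAP_SYS_PTRACE and must run before any secret is held, which the call at the top of main() satisfies.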