kdesu: set kernel flags to prevent ptrace instead of relying on setgid
Closed, Public

Authored by maltek on Sep 3 2019, 9:50 AM.

Details

Reviewers
adridg
Group Reviewers
Frameworks
Summary

So I noticed that kdesu is setgid 'nogroup'. That group is the fallback for groups from a remote NFS share that do not exist on the local machine. Since kdesu does not deal with NFS, I wanted to get rid of this (ab)use of 'nogroup'.

From all that I could gather (inline comments and a discussion on the KDE su handbook), the goal of the setgid bit on the binary is not to access any file as 'nogroup', but to prevent other processes of the calling user from accessing cached passwords, e.g. through ptrace(), core dumps or /proc/<pid>/memory. While setgid is one way to achieve that, both Linux and FreeBSD allow setting a kernel flag directly to disable such access. So I went for that.
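As an added illustration, not the revision's own diff: a small C program that sets the per-process kernel flag the summary describes and reads it back. It assumes the Linux call is prctl(PR_SET_DUMPABLE, 0) and the FreeBSD call is procctl(PROC_TRACE_CTL) with PROC_TRACE_CTL_DISABLE; the page itself only names procctl(), so which exact calls the revision uses is my assumption.

```c
#include <stdio.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/prctl.h>
#elif defined(__FreeBSD__)
#include <sys/procctl.h>
#endif

/* Ask the kernel to refuse debugger attachment (ptrace), core dumps and
 * /proc/<pid>/mem reads by other processes of the same user.
 * Returns 0 on success, -1 on failure or on an unsupported OS. */
int disable_debugger_access(void)
{
#if defined(__linux__)
    /* Clearing the "dumpable" flag is exactly what the kernel does by itself
     * when a setuid/setgid binary is executed; doing it explicitly gives the
     * same protection without a setgid bit (assumed to be the revision's approach). */
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
#elif defined(__FreeBSD__)
    int mode = PROC_TRACE_CTL_DISABLE;
    return procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode);
#else
    return -1;
#endif
}

/* Read the flag back: 1 if debugger access is refused, 0 if not, -1 on error. */
int debugger_access_disabled(void)
{
#if defined(__linux__)
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (dumpable < 0)
        return -1;
    return dumpable == 0;
#elif defined(__FreeBSD__)
    int status;
    if (procctl(P_PID, getpid(), PROC_TRACE_STATUS, &status) != 0)
        return -1;
    /* PROC_TRACE_STATUS reports -1 once tracing has been disabled. */
    return status == -1;
#else
    return -1;
#endif
}

int main(void)
{
    if (disable_debugger_access() != 0) {
        perror("disable_debugger_access");
        return 1;
    }
    printf("debugger access disabled: %d\n", debugger_access_disabled());
    return 0;
}
```

Note that this only blocks same-user processes; a process with root privileges (CAP_SYS_PTRACE on Linux) can still attach, so the flag is a hardening measure, not an isolation boundary.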

Diff Detail

Repository
R299 KDESu
Lint
Lint Skipped
Unit
Unit Tests Skipped
maltek created this revision. Sep 3 2019, 9:50 AM
Restricted Application added a project: Frameworks. Sep 3 2019, 9:50 AM
Restricted Application added a subscriber: kde-frameworks-devel.
maltek requested review of this revision. Sep 3 2019, 9:50 AM

I have no idea who to specify as reviewer, so I'm picking the maintainer from src/README, Adriaan de Groot.

adridg accepted this revision. Sep 24 2019, 12:36 PM

LGTM on the FreeBSD side (I've checked, the procctl() code does block debugger access which is all we're asking to do).

This revision is now accepted and ready to land. Sep 24 2019, 12:36 PM