1 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 Date: Tue, 11 Aug 2015 20:28:26 -0400
3 Subject: Avoid simple memory dumps via ptrace
5 This avoids needing to setgid gpg-agent. It probably doesn't defend
6 against all possible attacks, but it defends against one specific (and
7 easy) one. If there are other protections we should do them too.
9 This will make it slightly harder to debug the agent because the
10 normal user won't be able to attach gdb to it directly while it runs.
12 The remaining options for debugging are:
14 * launch the agent from gdb directly
15 * connect gdb to a running agent as the superuser
17 Upstream bug: https://bugs.gnupg.org/gnupg/issue1211
19 agent/gpg-agent.c | 8 ++++++++
21 2 files changed, 9 insertions(+)
23 diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
24 index c0208cc88..31bf3370a 100644
25 --- a/agent/gpg-agent.c
26 +++ b/agent/gpg-agent.c
32 +# include <sys/prctl.h>
35 #define GNUPG_COMMON_NEED_AFLOCAL
37 @@ -949,6 +952,11 @@ main (int argc, char **argv )
41 +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
42 + /* Disable ptrace on Linux without sgid bit */
43 + prctl(PR_SET_DUMPABLE, 0);
46 /* Before we do anything else we save the list of currently open
47 file descriptors and the signal mask. This info is required to
48 do the exec call properly. We don't need it on Windows. */
49 diff --git a/configure.ac b/configure.ac
50 index f929cb60f..f2b6a70d2 100644
53 @@ -1335,6 +1335,7 @@ AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap canonicalize_file_name])
54 AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r strtoull])
55 AC_CHECK_FUNCS([setenv unsetenv fcntl ftruncate inet_ntop])
56 AC_CHECK_FUNCS([canonicalize_file_name])
57 +AC_CHECK_FUNCS([prctl])
58 AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
59 AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
60 AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])