rpms
/
kde-cli-tools
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '97e6bf2d44'
${ noResults }
kde-cli-tools/0003-Disable-ptrace-on-kdes...

81 lines
2.4 KiB
Raw Blame History

From 034b5c39e49ce946ca97f0d003a4b4f144b10d39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Gr=C3=A4=C3=9Flin?= <mgraesslin@kde.org>
Date: Tue, 8 Dec 2015 12:56:03 +0100
Subject: [PATCH 03/10] Disable ptrace on kdesu
This change protects against other user processes attaching to the kdesu
process to gain the root password.
REVIEW: 126276
---
CMakeLists.txt | 7 +++++++
config-kde-cli-tools.h.cmake | 2 ++
kdesu/kdesu.cpp | 8 ++++++++
3 files changed, 17 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 31209e0..277ab15 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -12,7 +12,9 @@ include(ECMInstallIcons)
include(ECMMarkAsTest)
include(ECMMarkNonGuiExecutable)
include(FeatureSummary)
+include(CheckIncludeFile)
include(CheckIncludeFiles)
+include(CheckSymbolExists)
include(ECMOptionalAddSubdirectory)
find_package(Qt5 ${QT_MIN_VERSION} CONFIG REQUIRED COMPONENTS
@@ -85,6 +87,11 @@ if(UNIX)
endif()
check_include_files(sys/wait.h HAVE_SYS_WAIT_H)
+
+check_include_file("sys/prctl.h" HAVE_SYS_PRCTL_H)
+check_symbol_exists(PR_SET_DUMPABLE "sys/prctl.h" HAVE_PR_SET_DUMPABLE)
+add_feature_info("prctl-dumpable" HAVE_PR_SET_DUMPABLE "Required for disallow ptrace on kdesu process")
+
configure_file (config-kde-cli-tools.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-kde-cli-tools.h )
feature_summary(WHAT ALL INCLUDE_QUIET_PACKAGES FATAL_ON_MISSING_REQUIRED_PACKAGES)
diff --git a/config-kde-cli-tools.h.cmake b/config-kde-cli-tools.h.cmake
index f7eb81e..d313dc9 100644
--- a/config-kde-cli-tools.h.cmake
+++ b/config-kde-cli-tools.h.cmake
@@ -1,3 +1,5 @@
/* Define to 1 if you have the <sys/wait.h> header file. */
#cmakedefine HAVE_SYS_WAIT_H 1
+#cmakedefine01 HAVE_SYS_PRCTL_H
+#cmakedefine01 HAVE_PR_SET_DUMPABLE
#define HAVE_X11 ${X11_FOUND}
diff --git a/kdesu/kdesu.cpp b/kdesu/kdesu.cpp
index b82bdd4..040bfaa 100644
--- a/kdesu/kdesu.cpp
+++ b/kdesu/kdesu.cpp
@@ -18,6 +18,9 @@
#if defined(HAVE_SYS_WAIT_H)
#include <sys/wait.h>
#endif
+#if HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
#include <QFileInfo>
#include <QFile>
@@ -71,6 +74,11 @@ static int startApp(QCommandLineParser& p);
int main(int argc, char *argv[])
{
+ // disable ptrace
+#if HAVE_PR_SET_DUMPABLE
+ prctl(PR_SET_DUMPABLE, 0);
+#endif
+
QApplication app(argc, argv);
// FIXME: this can be considered a poor man's solution, as it's not
--
2.5.0
Reference in new issue View Git Blame Copy Permalink