Bug 469432
Summary: | PackageKit turns PR_SET_DUMPABLE off when not necessary | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | James Antill <james.antill> |
Component: | PackageKit | Assignee: | Richard Hughes <richard> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 10 | CC: | davidz, lmacken, rhughes, richard, robin.norwood, tuxbrewr |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-06-03 08:44:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
James Antill
2008-10-31 20:17:27 UTC
I was told by David Zeuthen that this was needed. The following commit added it: commit 9c724e90e537a8c488c78dfc7b9ecc03e58323a8 Author: Richard Hughes <richard> Date: Mon Apr 14 23:10:32 2008 +0100 Disable ptrace() and core dumping for applications which use libpackagekit so that local trojans cannot silently abuse privileges I don't think this harms anything, and anything security related I would prefer to err on the side of caution. If David (PolicyKit maintainer) says it's okay to remove, then I'll do so. Well I'm worrid about two cases: 1. User can't strace/etc. any running app. linked to PK. 2. If this is a real security problem then it needs to fix the case where the application starts under strace/gdb/whatever. David, can you explain the rationale ... in what cases is this needed? This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Should be no longer a problem. |