Bug 469432

Summary: PackageKit turns PR_SET_DUMPABLE off when not necessary
Product: [Fedora] Fedora Reporter: James Antill <james.antill>
Component: PackageKitAssignee: Richard Hughes <richard>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 10CC: davidz, lmacken, rhughes, richard, robin.norwood, tuxbrewr
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-03 08:44:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description James Antill 2008-10-31 20:17:27 UTC 
Description of problem:
 You can start gpk-application as:

 strace gpk-application

...however you cannot start gpk-application and then strace it (without changing to root to strace), the reason for this is that PackageKit/lib/packagekit-glib/pk-client.c has:

__attribute__ ((constructor))
void init()
{
        /* this is a bandaid */
        prctl (PR_SET_DUMPABLE, 0);
}

...'m not sure if you pasted this from somewhere, or it's a hack to try and solve some real problem with running PK clients as root ... either way, it should not happen for the normal cases.
Comment 1 Richard Hughes 2008-11-01 13:46:57 UTC 
I was told by David Zeuthen that this was needed. The following commit added it:

commit 9c724e90e537a8c488c78dfc7b9ecc03e58323a8
Author: Richard Hughes <richard>
Date:   Mon Apr 14 23:10:32 2008 +0100

   Disable ptrace() and core dumping for applications which use libpackagekit so that local trojans cannot silently abuse privileges
Comment 2 Richard Hughes 2008-11-06 10:56:48 UTC 
I don't think this harms anything, and anything security related I would prefer to err on the side of caution. If David (PolicyKit maintainer) says it's okay to remove, then I'll do so.
Comment 3 James Antill 2008-11-06 16:15:37 UTC 
Well I'm worrid about two cases:

1. User can't strace/etc. any running app. linked to PK.

2. If this is a real security problem then it needs to fix the case where the application starts under strace/gdb/whatever.

 David, can you explain the rationale ... in what cases is this needed?
Comment 4 Bug Zapper 2008-11-26 04:35:12 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Richard Hughes 2009-06-03 08:44:15 UTC 
Should be no longer a problem.