Red Hat Bugzilla – Bug 469432
PackageKit turns PR_SET_DUMPABLE off when not necessary
Last modified: 2009-06-03 04:44:15 EDT
Description of problem:
You can start gpk-application as:
...however you cannot start gpk-application and then strace it (without changing to root to strace), the reason for this is that PackageKit/lib/packagekit-glib/pk-client.c has:
/* this is a bandaid */
prctl (PR_SET_DUMPABLE, 0);
...I'm not sure if you pasted this from somewhere, or it's a hack to try and solve some real problem with running PK clients as root ... either way, it should not happen for the normal cases.
I was told by David Zeuthen that this was needed. The following commit added it:
Author: Richard Hughes <email@example.com>
Date: Mon Apr 14 23:10:32 2008 +0100
Disable ptrace() and core dumping for applications which use libpackagekit so that local trojans cannot silently abuse privileges
I don't think this harms anything, and anything security related I would prefer to err on the side of caution. If David (PolicyKit maintainer) says it's okay to remove, then I'll do so.
Well I'm worried about two cases:
1. User can't strace/etc. any running app. linked to PK.
2. If this is a real security problem then it needs to fix the case where the application starts under strace/gdb/whatever.
David, can you explain the rationale ... in what cases is this needed?
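The two cases raised above, as an added example (not PackageKit code and not written by anyone in this thread): it makes the same prctl call as pk-client.c, then reads TracerPid from /proc/self/status to show whether a tracer was already attached before the flag was cleared. The function names and the sample status text used to check the parser are constructed for illustration; Linux only.

```c
/* Added example, Linux only; helper names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

/* Extract TracerPid from the text of /proc/<pid>/status.
 * Returns the tracer's PID, 0 if untraced, -1 if the field is missing. */
long parse_tracer_pid(const char *status_text)
{
    const char *key = "\nTracerPid:";   /* anchor at start of a line */
    const char *p = strstr(status_text, key);
    if (p == NULL)
        return -1;
    return strtol(p + strlen(key), NULL, 10);
}

/* Read our own status file and report who is tracing us, if anyone. */
long current_tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Same call as in pk-client.c; returns the resulting dumpable flag. */
int clear_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE);
}

int main(void)
{
    printf("dumpable before: %d\n", prctl(PR_GET_DUMPABLE));
    printf("dumpable after:  %d\n", clear_dumpable());
    long tracer = current_tracer_pid();
    if (tracer > 0)   /* case 2: started under strace/gdb */
        printf("already traced by pid %ld; clearing the flag did not detach it\n", tracer);
    else if (tracer == 0)   /* case 1: a later same-user attach is refused */
        printf("no tracer attached\n");
    return 0;
}
```

Run directly, it reports no tracer; run under strace or gdb, it reports the tracer's PID even though the dumpable flag reads 0.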
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.
More information and reason for this action is here:
Should be no longer a problem.