Description of problem: You can start gpk-application as: strace gpk-application ...however you cannot start gpk-application and then strace it (without changing to root to strace), the reason for this is that PackageKit/lib/packagekit-glib/pk-client.c has: __attribute__ ((constructor)) void init() { /* this is a bandaid */ prctl (PR_SET_DUMPABLE, 0); } ...'m not sure if you pasted this from somewhere, or it's a hack to try and solve some real problem with running PK clients as root ... either way, it should not happen for the normal cases.
I was told by David Zeuthen that this was needed. The following commit added it: commit 9c724e90e537a8c488c78dfc7b9ecc03e58323a8 Author: Richard Hughes <richard> Date: Mon Apr 14 23:10:32 2008 +0100 Disable ptrace() and core dumping for applications which use libpackagekit so that local trojans cannot silently abuse privileges
I don't think this harms anything, and anything security related I would prefer to err on the side of caution. If David (PolicyKit maintainer) says it's okay to remove, then I'll do so.
Well I'm worrid about two cases: 1. User can't strace/etc. any running app. linked to PK. 2. If this is a real security problem then it needs to fix the case where the application starts under strace/gdb/whatever. David, can you explain the rationale ... in what cases is this needed?
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Should be no longer a problem.