From 873665024ebfaa761ee49b508a79db7178aeb778 Mon Sep 17 00:00:00 2001 From: davidovski Date: Sat, 4 Jun 2022 15:08:04 +0100 Subject: added gnupg --- ...0110-avoid-simple-memory-dumps-via-ptrace.patch | 91 ++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 repo/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch (limited to 'repo/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch') diff --git a/repo/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch b/repo/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch new file mode 100644 index 0000000..644b8a5 --- /dev/null +++ b/repo/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch @@ -0,0 +1,91 @@ +From: Daniel Kahn Gillmor +Date: Tue, 11 Aug 2015 20:28:26 -0400 +Subject: Avoid simple memory dumps via ptrace + +This avoids needing to setgid gpg-agent. It probably doesn't defend +against all possible attacks, but it defends against one specific (and +easy) one. If there are other protections we should do them too. + +This will make it slightly harder to debug the agent because the +normal user won't be able to attach gdb to it directly while it runs. + +The remaining options for debugging are: + + * launch the agent from gdb directly + * connect gdb to a running agent as the superuser + +Upstream bug: https://dev.gnupg.org/T1211 +--- + agent/gpg-agent.c | 8 ++++++++ + configure.ac | 2 +- + scd/scdaemon.c | 9 +++++++++ + 3 files changed, 18 insertions(+), 1 deletion(-) + +Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch + +diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c +index b167c34..5afcf11 100644 +--- a/agent/gpg-agent.c ++++ b/agent/gpg-agent.c +@@ -50,6 +50,9 @@ + # include + #endif + #include ++#ifdef HAVE_PRCTL ++# include ++#endif + + #define INCLUDED_BY_MAIN_MODULE 1 + #define GNUPG_COMMON_NEED_AFLOCAL +@@ -1030,6 +1033,11 @@ main (int argc, char **argv ) + + early_system_init (); + ++#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) ++ /* Disable ptrace on Linux without sgid bit */ ++ prctl(PR_SET_DUMPABLE, 0); ++#endif ++ + /* Before we do anything else we save the list of currently open + file descriptors and the signal mask. This info is required to + do the exec call properly. We don't need it on Windows. */ +diff --git a/configure.ac b/configure.ac +index 7a2d410..2d8b050 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1426,7 +1426,7 @@ AC_CHECK_FUNCS([atexit canonicalize_file_name clock_gettime ctermid \ + ftruncate funlockfile getaddrinfo getenv getpagesize \ + getpwnam getpwuid getrlimit getrusage gettimeofday \ + gmtime_r inet_ntop inet_pton isascii lstat memicmp \ +- memmove memrchr mmap nl_langinfo pipe raise rand \ ++ memmove memrchr mmap nl_langinfo pipe prctl raise rand \ + setenv setlocale setrlimit sigaction sigprocmask \ + stat stpcpy strcasecmp strerror strftime stricmp \ + strlwr strncasecmp strpbrk strsep strtol strtoul \ +diff --git a/scd/scdaemon.c b/scd/scdaemon.c +index 5c519f8..cab66a0 100644 +--- a/scd/scdaemon.c ++++ b/scd/scdaemon.c +@@ -37,6 +37,9 @@ + #include + #include + #include ++#ifdef HAVE_PRCTL ++# include ++#endif + + #define INCLUDED_BY_MAIN_MODULE 1 + #define GNUPG_COMMON_NEED_AFLOCAL +@@ -446,6 +449,12 @@ main (int argc, char **argv ) + npth_t pipecon_handler; + + early_system_init (); ++ ++#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) ++ /* Disable ptrace on Linux without sgid bit */ ++ prctl(PR_SET_DUMPABLE, 0); ++#endif ++ + set_strusage (my_strusage); + gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); + /* Please note that we may running SUID(ROOT), so be very CAREFUL -- cgit v1.2.1