diff options
author | Richard Hughes <richard@hughsie.com> | 2008-04-14 23:10:32 +0100 |
---|---|---|
committer | Richard Hughes <richard@hughsie.com> | 2008-04-15 00:05:36 +0100 |
commit | 236ff664b2c73c273b2aac1e4c657710e67da281 (patch) | |
tree | ef07c16528d28331de842937dd94850589e768ad | |
parent | efc8862990d768f81ef879d091dd42e022fff11a (diff) |
Disable ptrace() and core dumping for applications which use libpackagekit so that local trojans cannot silently abuse privileges
-rw-r--r-- | libpackagekit/pk-client.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/libpackagekit/pk-client.c b/libpackagekit/pk-client.c index d99abf88c..a1cc7e6ae 100644 --- a/libpackagekit/pk-client.c +++ b/libpackagekit/pk-client.c @@ -33,6 +33,7 @@ #include <string.h> #include <sys/types.h> +#include <sys/prctl.h> #ifdef HAVE_UNISTD_H #include <unistd.h> #endif /* HAVE_UNISTD_H */ @@ -3641,6 +3642,20 @@ pk_client_new (void) return PK_CLIENT (client); } +/** + * init: + * + * Library constructor: Disable ptrace() and core dumping for applications + * which use this library, so that local trojans cannot silently abuse PackageKit + * privileges. + */ +__attribute__ ((constructor)) +void init() +{ + /* this is a bandaid */ + prctl (PR_SET_DUMPABLE, 0); +} + /*************************************************************************** *** MAKE CHECK TESTS *** ***************************************************************************/ |