-
Committer:
Sam Spilsbury
-
Date:
2010-10-26 08:09:47 UTC
-
Revision ID:
git-v1:f8adbc96bb7dd28bd22de3cccb793c6ccaa5ab54
set prctls to allow us to attach gdb to ourselves and get a backtrace.
For security reasons[1][2] some distros have disabled the ability to ptrace ()
any arbitary process that a user owns since it allows a remote attacker to use
a debugger to examine the memory contents of any process a user owns and
collect sensitive data (and set variables to exploit the stack frame, fool
policykit etc etc etc all sorts of nasty things).
This breaks the ability to spawn a gdb session to attach to compiz and grab
a backtrace when we crash, so we need to set the appropriate prctls to let
us do this. Note that we only set the prctl in the signal handler _itself_
when we need the backtrace and not when compiz starts (as such is a security
risk)
[1] https://lists.ubuntu.com/archives/ubuntu-devel/2010-May/030797.html
[2] https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace Protection