On Sun, Nov 14, 2010 at 1:34 AM, Scott Moreau <[email protected]> wrote:
>
>> Crashhandler can't be in core or plugin packs because it needs to
>> change the security context of compiz (e.g. introducing it would be a
>> security risk) in newer distributions to work correctly.
>
> Can you elaborate on this?
Sure. So basically the crashhandler plugin is relatively simple in that it
doesn't generate a backtrace internally but instead catches a segfault,
forks and attaches gdb to itself to grab a backtrace.

The problem with using gdb like that is that gdb allows you to examine the
memory contents of any running process that you own. This isn't a problem
from the context of a normal desktop use case (e.g. a single user logging
into the desktop), but it is a problem where you have shared user accounts
or the possibility of a remote exploit, where a remote attacker could
examine the contents of any application's memory (passwords, sensitive
files, etc.). Thus most distros are moving towards disallowing ptrace on
your own user's processes, since there isn't any use case for it under
normal usage. [1]

Of course, this means that ptrace is now broken for us, which means that
our backtraces won't work under this security context. The only workaround
then is to use prctl to allow us to do this in the signal handler, and this
makes for an insecure compiz. Thus we can't ship the crashhandler plugin in
-extra anymore.

Kind Regards,

Sam

[1] https://lists.ubuntu.com/archives/ubuntu-devel/2010-May/030797.html

--
Sam Spilsbury
_______________________________________________
dev mailing list
[email protected]
http://lists.compiz.org/mailman/listinfo/dev
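The mechanism Sam describes (catch SIGSEGV, fork, attach gdb to yourself) and the prctl workaround for Yama's ptrace restriction, written out as an added example. This is not the compiz crashhandler plugin and not code from this thread; it assumes a Linux kernel with the Yama LSM (whose policy lives in /proc/sys/kernel/yama/ptrace_scope), and the helper names, the gdb command line and the pipe handshake between parent and child are choices made here for illustration. The opt-in is the per-pid form of PR_SET_PTRACER, which whitelists only the forked child rather than every same-uid process.

```c
/* Crash handler of the kind described above: on SIGSEGV, fork, have the
 * child attach gdb to the parent, and name that one child as the parent's
 * permitted tracer with PR_SET_PTRACER so the attach still works when
 * Yama's ptrace_scope is 1. Added example; not compiz code. Linux only. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/wait.h>

#ifndef PR_SET_PTRACER            /* older headers: value from linux/prctl.h */
#define PR_SET_PTRACER 0x59616d61
#endif

/* Yama's policy knob. -1 when Yama is absent, else 0..3:
 * 0 = classic same-uid ptrace, 1 = only a descendant or a pid named via
 * PR_SET_PTRACER may attach, 2 = CAP_SYS_PTRACE only, 3 = no attach. */
int read_ptrace_scope(void)
{
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    int scope = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &scope) != 1)
        scope = -1;
    fclose(f);
    return scope;
}

/* Can an unrelated same-uid process run "gdb -p <pid>" against us? */
int same_uid_attach_allowed(int scope) { return scope <= 0; }

/* Is the per-pid PR_SET_PTRACER opt-in the thing that makes attach work? */
int ptracer_optin_possible(int scope) { return scope == 1; }

/* Narrow opt-in: exactly this pid (and its children) may attach. Returns 0
 * or errno; EINVAL means Yama is not loaded and the call changes nothing. */
int allow_tracer(pid_t tracer)
{
    return prctl(PR_SET_PTRACER, (unsigned long)tracer, 0, 0, 0) == -1 ? errno : 0;
}

/* argv for a batch-mode gdb attach; pidbuf must outlive argv. Returns argc. */
int build_gdb_argv(pid_t pid, char *pidbuf, size_t pidlen, const char **argv)
{
    snprintf(pidbuf, pidlen, "%ld", (long)pid);
    argv[0] = "gdb";
    argv[1] = "--batch";
    argv[2] = "-ex";
    argv[3] = "thread apply all bt full";
    argv[4] = "-p";
    argv[5] = pidbuf;
    argv[6] = NULL;
    return 6;
}

static void crash_handler(int sig)
{
    int sync[2];
    pid_t child = -1;

    /* pipe/fork/read/write/waitpid/_exit/raise are async-signal-safe; the
     * snprintf in build_gdb_argv only runs in the child before exec. */
    if (pipe(sync) == 0 && (child = fork()) == 0) {
        /* Child: wait until the parent has whitelisted us, then exec gdb.
         * exec keeps our pid, so the whitelist entry still matches. */
        char byte, pidbuf[32];
        const char *argv[7];
        close(sync[1]);
        if (read(sync[0], &byte, 1) == 1) {
            build_gdb_argv(getppid(), pidbuf, sizeof pidbuf, argv);
            execvp(argv[0], (char *const *)argv);
        }
        _exit(127);
    } else if (child > 0) {
        /* Parent: whitelist the child, release it, let gdb finish. */
        close(sync[0]);
        allow_tracer(child);
        if (write(sync[1], "g", 1) == 1)
            waitpid(child, NULL, 0);
        close(sync[1]);
    }
    signal(sig, SIG_DFL);          /* then die with the original signal */
    raise(sig);
}

int install_crash_handler(void)
{
    return signal(SIGSEGV, crash_handler) == SIG_ERR ? -1 : 0;
}

int main(void)
{
    int scope = read_ptrace_scope();
    printf("ptrace_scope=%d: same-uid attach %s, per-pid opt-in %s\n", scope,
           same_uid_attach_allowed(scope) ? "allowed" : "blocked",
           ptracer_optin_possible(scope) ? "needed" : "not applicable");
    install_crash_handler();
    raise(SIGSEGV);                 /* stand-in for a real fault */
    return 0;
}
```

Build with `gcc -o crash crash.c` and run it on a box with ptrace_scope=1: gdb attaches and prints the backtrace only because of the allow_tracer() call; comment that call out and gdb fails with "ptrace: Operation not permitted", which is the breakage the thread is about. The pipe handshake exists because the child's pid is unknown until fork returns, and the whitelist must be in place before gdb calls ptrace(PTRACE_ATTACH).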
