GNOME Keyring

should be marked undumpable to avoid PTRACE attach

Bug #572045 reported by Kees Cook on 2010-04-30

This bug affects 3 people

	Status	Importance	Assigned to
GNOME Keyring	Fix Released	Critical	gnome-bugs #504313
GnuPG2	Fix Released	Unknown	gnupg-bugs #1211
gnome-keyring (Ubuntu)	Triaged	Wishlist	Unassigned
gnupg2 (Ubuntu)	Fix Released	Low	Unassigned

Bug Description

Binary package hint: gnome-keyring

Programs that keep sensitive information in memory should avoid dumping core or being PTRACEable. Things like ssh-agent already accomplish this by calling:

prctl(PR_SET_DUMPABLE, 0);

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gnome-keyring 2.92.92.is.2.30.0-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic x86_64
Architecture: amd64
Date: Thu Apr 29 22:19:39 2010
ProcEnviron:
LANGUAGE=en_US:en
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: gnome-keyring

Tags:

Revision history for this message

Kees Cook (kees) wrote on 2010-04-30:

Dependencies.txt Edit (4.1 KiB, text/plain; charset="utf-8")

Revision history for this message

Kees Cook (kees) wrote on 2010-04-30:

To more directly illustrate:

$ gdb /usr/bin/ssh-agent $(pidof ssh-agent)
...
Attaching to program: /usr/bin/ssh-agent, process 16395
ptrace: Operation not permitted.

$ gdb /usr/bin/gpg-agent $(pidof gpg-agent)
...
Attaching to program: /usr/bin/gpg-agent, process 16396
...
0x00007f68d288af93 in __select_nocancel ()
at ../sysdeps/unix/syscall-template.S:82
82 ../sysdeps/unix/syscall-template.S: No such file or directory.
in ../sysdeps/unix/syscall-template.S
(gdb)

Revision history for this message

Sebastien Bacher (seb128) wrote on 2010-04-30:

Thank you for your bug report. The issue is an upstream one and it would be nice if somebody having it could send the bug the to the people writting the software (https://wiki.ubuntu.com/Bugs/Upstream/GNOME)

Changed in gnome-keyring (Ubuntu):
importance:	Undecided → Wishlist

Marc Deslauriers (mdeslaur) on 2010-04-30

Changed in gnupg2 (Ubuntu):
status:	New → Confirmed
Changed in gnome-keyring (Ubuntu):
status:	New → Confirmed

Kees Cook (kees) on 2010-04-30

Changed in gnupg2 (Ubuntu):
importance:	Undecided → Low

Bug Watch Updater (bug-watch-updater) on 2010-04-30

Changed in gnupg2:
status:	Unknown → Fix Released

Bug Watch Updater (bug-watch-updater) on 2010-04-30

Changed in gnome-keyring:
status:	Unknown → Confirmed

Sebastien Bacher (seb128) on 2010-05-03

Changed in gnome-keyring (Ubuntu):
status:	Confirmed → Triaged

Bug Watch Updater (bug-watch-updater) on 2010-09-16

Changed in gnome-keyring:
importance:	Unknown → Critical

Bug Watch Updater (bug-watch-updater) on 2015-08-04

Changed in gnupg2:
status:	Fix Released → Incomplete

Bug Watch Updater (bug-watch-updater) on 2016-04-05

Changed in gnupg2:
status:	Incomplete → Fix Released

Bug Watch Updater (bug-watch-updater) on 2018-04-06

Changed in gnome-keyring:
status:	Confirmed → Fix Released

Revision history for this message

Chris Halse Rogers (raof) wrote on 2018-08-20:

This was actually fixed (with a Debian patch) in the gnupg 2.1.7-1 upload.

Changed in gnupg2 (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Dependencies.txt Edit

Add attachment

Remote bug watches

gnome-bugs #504313
[RESOLVED FIXED] Edit
gnupg-bugs #1211
[8] Edit

Bug watches keep track of this bug in other bug trackers.