wayland: Drop ptrace logic
kwin disables ptrace for a good reason - to prevent other processes from attaching to kwin and snooping sensitive data or taking control of kwin. But, that will also make things such as memory statistics unavailable to read, etc. On the other hand, the supported platforms where kwin runs all have security measures in place to forbid shady processes ptrace'ing kwin. For example, on Linux it's YAMA. On Linux, by default, a process can ptrace only its descendants. For example, this can be used by debuggers; otherwise you would need to be the superuser to attach to any process. This change drops our ptrace logic in favor of system provided security measures. It allows the System Monitor to gather kwin's memory usage statistics and also simplifies the code; the current debugger detection logic is not really robust. If the system provided security measures are proven to be insufficient, we can add the ptrace disabling logic back, but it would be great to avoid that because system monitor won't be able to gather resource usage statistics, which can be useful for detecting memory leaks in plasma wayland session, etc.
parent
79a4733dc5
commit
b0982f7bbc
3 changed files with 0 additions and 64 deletions
|
@ -358,18 +358,6 @@ include(CheckSymbolExists)
|
|||
check_include_files(unistd.h HAVE_UNISTD_H)
|
||||
check_include_files(malloc.h HAVE_MALLOC_H)
|
||||
|
||||
check_include_file("sys/prctl.h" HAVE_SYS_PRCTL_H)
|
||||
check_symbol_exists(PR_SET_DUMPABLE "sys/prctl.h" HAVE_PR_SET_DUMPABLE)
|
||||
check_symbol_exists(PR_SET_PDEATHSIG "sys/prctl.h" HAVE_PR_SET_PDEATHSIG)
|
||||
check_include_file("sys/procctl.h" HAVE_SYS_PROCCTL_H)
|
||||
check_symbol_exists(PROC_TRACE_CTL "sys/procctl.h" HAVE_PROC_TRACE_CTL)
|
||||
if (HAVE_PR_SET_DUMPABLE OR HAVE_PROC_TRACE_CTL)
|
||||
set(CAN_DISABLE_PTRACE TRUE)
|
||||
endif()
|
||||
add_feature_info("prctl/procctl tracing control"
|
||||
CAN_DISABLE_PTRACE
|
||||
"Required for disallowing ptrace on kwin_wayland process")
|
||||
|
||||
check_include_file("sys/sysmacros.h" HAVE_SYS_SYSMACROS_H)
|
||||
|
||||
check_include_file("linux/vt.h" HAVE_LINUX_VT_H)
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
#cmakedefine01 HAVE_X11_XINPUT
|
||||
#cmakedefine01 HAVE_GBM_BO_GET_FD_FOR_PLANE
|
||||
#cmakedefine01 HAVE_WAYLAND_EGL
|
||||
#cmakedefine01 HAVE_SYS_PRCTL_H
|
||||
#cmakedefine01 HAVE_PR_SET_DUMPABLE
|
||||
#cmakedefine01 HAVE_PR_SET_PDEATHSIG
|
||||
#cmakedefine01 HAVE_SYS_PROCCTL_H
|
||||
#cmakedefine01 HAVE_PROC_TRACE_CTL
|
||||
#cmakedefine01 HAVE_SYS_SYSMACROS_H
|
||||
#cmakedefine01 HAVE_BREEZE_DECO
|
||||
#cmakedefine01 HAVE_LIBCAP
|
||||
|
|
|
@ -40,14 +40,6 @@
|
|||
#include <QWindow>
|
||||
#include <QDBusInterface>
|
||||
|
||||
// system
|
||||
#if HAVE_SYS_PRCTL_H
|
||||
#include <sys/prctl.h>
|
||||
#endif
|
||||
#if HAVE_SYS_PROCCTL_H
|
||||
#include <sys/procctl.h>
|
||||
#endif
|
||||
|
||||
#if HAVE_LIBCAP
|
||||
#include <sys/capability.h>
|
||||
#endif
|
||||
|
@ -297,42 +289,6 @@ static QString automaticBackendSelection()
|
|||
return s_fbdevPlugin;
|
||||
}
|
||||
|
||||
static void disablePtrace()
|
||||
{
|
||||
#if HAVE_PR_SET_DUMPABLE
|
||||
// check whether we are running under a debugger
|
||||
const QFileInfo parent(QStringLiteral("/proc/%1/exe").arg(getppid()));
|
||||
if (parent.isSymLink() &&
|
||||
(parent.symLinkTarget().endsWith(QLatin1String("/gdb")) ||
|
||||
parent.symLinkTarget().endsWith(QLatin1String("/gdbserver")) ||
|
||||
parent.symLinkTarget().endsWith(QLatin1String("/lldb-server")))) {
|
||||
// debugger, don't adjust
|
||||
return;
|
||||
}
|
||||
|
||||
// disable ptrace in kwin_wayland
|
||||
prctl(PR_SET_DUMPABLE, 0);
|
||||
#endif
|
||||
#if HAVE_PROC_TRACE_CTL
|
||||
// FreeBSD's rudimentary procfs does not support /proc/<pid>/exe
|
||||
// We could use the P_TRACED flag of the process to find out
|
||||
// if the process is being debugged ond FreeBSD.
|
||||
int mode = PROC_TRACE_CTL_DISABLE;
|
||||
procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode);
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
static void unsetDumpable(int sig)
|
||||
{
|
||||
#if HAVE_PR_SET_DUMPABLE
|
||||
prctl(PR_SET_DUMPABLE, 1);
|
||||
#endif
|
||||
signal(sig, SIG_IGN);
|
||||
raise(sig);
|
||||
return;
|
||||
}
|
||||
|
||||
void dropNiceCapability()
|
||||
{
|
||||
#if HAVE_LIBCAP
|
||||
|
@ -358,7 +314,6 @@ void dropNiceCapability()
|
|||
|
||||
int main(int argc, char * argv[])
|
||||
{
|
||||
KWin::disablePtrace();
|
||||
KWin::Application::setupMalloc();
|
||||
KWin::Application::setupLocalizedString();
|
||||
KWin::gainRealTime();
|
||||
|
@ -370,8 +325,6 @@ int main(int argc, char * argv[])
|
|||
signal(SIGINT, SIG_IGN);
|
||||
if (signal(SIGHUP, KWin::sighandler) == SIG_IGN)
|
||||
signal(SIGHUP, SIG_IGN);
|
||||
signal(SIGABRT, KWin::unsetDumpable);
|
||||
signal(SIGSEGV, KWin::unsetDumpable);
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
|
||||
QProcessEnvironment environment = QProcessEnvironment::systemEnvironment();
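Review bot: Nothing in the new `main()` records that ptrace hardening is now delegated to the operating system, so the assumption is easy to lose once `KWin::disablePtrace()` is gone. The description names Yama on Linux, but whether Yama is enabled and how restrictive its ptrace scope is depends on the distribution or administrator, and no FreeBSD counterpart to the removed `procctl(PROC_TRACE_CTL)` call is named. I would add a comment at the top of `main()` such as `// ptrace protection is left to OS policy (e.g. Yama on Linux); kwin_wayland no longer marks itself non-dumpable`. The packaging or release notes should also state that a restrictive ptrace policy is expected on supported platforms. The SIGABRT and SIGSEGV handlers are dropped in the same section, so crashes presumably fall back to whatever disposition is installed elsewhere; that is worth confirming, since the rest of `main()` is outside the hunks shown.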
|
||||
|
|