[wayland] Disallow ptrace on kwin_wayland process
In order to increase the security we disable ptrace on kwin_wayland. This makes it impossible for a another process running as the same user to attach to kwin_wayland to install a key logger. It doesn't protect against higher privileged users, but that's no problem: they can just read the input device file and don't need to attach to KWin to become a key logger. This change is highly inspired by a similar change to kscreenlocker. A difference is that KWin checks whether we are running under a debugger. In such a case we still want to allow ptrace.
This commit is contained in:
Martin Gräßlin
parent
c6aafe23de
commit
e5a27cffb1
3 changed files with 30 additions and 0 deletions
|
|
@ -274,9 +274,16 @@ configure_file(libkwineffects/kwinconfig.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/lib
|
|||
# for kwin internal things
|
||||
set(HAVE_X11_XCB ${X11_XCB_FOUND})
|
||||
|
||||
include(CheckIncludeFile)
|
||||
include(CheckIncludeFiles)
|
||||
include(CheckSymbolExists)
|
||||
check_include_files(unistd.h HAVE_UNISTD_H)
|
||||
check_include_files(malloc.h HAVE_MALLOC_H)
|
||||
|
||||
check_include_file("sys/prctl.h" HAVE_SYS_PRCTL_H)
|
||||
check_symbol_exists(PR_SET_DUMPABLE "sys/prctl.h" HAVE_PR_SET_DUMPABLE)
|
||||
add_feature_info("prctl-dumpable" HAVE_PR_SET_DUMPABLE "Required for disallow ptrace on greeter and kcheckpass process")
|
||||
|
||||
configure_file(config-kwin.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-kwin.h )
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -14,6 +14,8 @@
|
|||
#cmakedefine01 HAVE_GBM
|
||||
#cmakedefine01 HAVE_LIBHYBRIS
|
||||
#cmakedefine01 HAVE_WAYLAND_EGL
|
||||
#cmakedefine01 HAVE_SYS_PRCTL_H
|
||||
#cmakedefine01 HAVE_PR_SET_DUMPABLE
|
||||
|
||||
/* Define to 1 if you have the <unistd.h> header file. */
|
||||
#cmakedefine HAVE_UNISTD_H 1
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
#include <QCommandLineParser>
|
||||
#include <QtConcurrentRun>
|
||||
#include <QFile>
|
||||
#include <QFileInfo>
|
||||
#include <QFutureWatcher>
|
||||
#include <QProcess>
|
||||
#include <QSocketNotifier>
|
||||
|
|
@ -51,6 +52,10 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
#include <unistd.h>
|
||||
#endif // HAVE_UNISTD_H
|
||||
|
||||
#if HAVE_SYS_PRCTL_H
|
||||
#include <sys/prctl.h>
|
||||
#endif
|
||||
|
||||
#include <iostream>
|
||||
#include <iomanip>
|
||||
|
||||
|
|
@ -382,10 +387,26 @@ static QString automaticBackendSelection()
|
|||
return s_fbdevPlugin;
|
||||
}
|
||||
|
||||
static void disablePtrace()
|
||||
{
|
||||
#if HAVE_PR_SET_DUMPABLE
|
||||
// check whether we are running under a debugger
|
||||
const QFileInfo parent(QStringLiteral("/proc/%1/exe").arg(getppid()));
|
||||
if (parent.isSymLink() && parent.symLinkTarget().endsWith(QLatin1String("/gdb"))) {
|
||||
// debugger, don't adjust
|
||||
return;
|
||||
}
|
||||
|
||||
// disable ptrace in kwin_wayland
|
||||
prctl(PR_SET_DUMPABLE, 0);
|
||||
#endif
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
||||
int main(int argc, char * argv[])
|
||||
{
|
||||
KWin::disablePtrace();
|
||||
KWin::Application::setupMalloc();
|
||||
KWin::Application::setupLocalizedString();
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue