Additionally, disabling the call to `prctl(PR_SET_DUMPABLE, 0)` for the processes that store sensitive data, such as ssh-agent, is a very bad idea, as the other process will be able to ptrace these processes and steal the data.

---
Paul M. Ärloch
Lingvam scriptvm habere debes vt hanc paginam inspicias.

------- Original Message -------
On Wednesday, August 16th, 2023 at 4:38 PM, memchr <memchr@xxxxxxxxx> wrote:

> > Given a ssh-agent
>
> The simple reason is that the ssh-agent explicitly disables tracing.
>
> ```
> #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
> 	/* Disable ptrace on Linux without sgid bit */
> 	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
> 		fatal("unable to make process undumpable: %s",
> 		    strerror(errno));
> #endif
> ```
>
> So you won't be able to dump anything on this process, even if your user owns it.
>
> You can do a little experiment by rebuilding the ssh agent without the call to `platform_disable_tracing()` in `main()`. fuser will then be able to list the socket.
>
> > I cannot quite see why you would want to make it
>
> For security reasons, a lot of processes would call `prctl(PR_SET_DUMPABLE, 0)`; it is very impractical to patch out this call just to list their sockets without root privilege.
>
> > (as in: lie)
>
> They are not lying, please see `man prctl.2`.
>
> ---
> Paul M. Ärloch
> Lingvam scriptvm habere debes vt hanc paginam inspicias.
>
> ------- Original Message -------
> On Wednesday, August 16th, 2023 at 3:37 PM, Hauke Fath hf@xxxxxxxxxxxxxxxxxxx wrote:
>
> > On 8/16/23 17:20, memchr wrote:
> >
> > > > not able to get any information on active unix
> > > > domain sockets
> >
> > > What do you mean by this? Can you provide more context, such as the
> > > command you tried to run and the resulting error message?
> >
> > Sure.
> >
> > Given a ssh-agent(8) socket, running lsof/sockstat/fuser as
> > non-privileged user
> >
> > % ls -l /tmp/ssh-XXXXXXXw5UyQ/
> > total 0
> > srw------- 1 hf4kh spgmit 0 Aug 16 16:44 agent.629
> > % lsof -U
> > % sockstat -u | grep /tmp/ssh-
> > % fuser /tmp/ssh-XXXXXXXw5UyQ/agent.629
> > %
> >
> > whereas for root
> >
> > # lsof -U | grep /tmp/ssh-
> > ssh-agent 630 hf4kh 3u unix 0x00000000f56378b9 0t0 21916
> > /tmp/ssh-XXXXXXXw5UyQ/agent.629 type=STREAM
> > # # sockstat -u | grep /tmp/ssh-
> > root rserver 363 unix
> > /tmp/ssh-XXXXXXXw5UyQ/agent.629
> > root rserver 363 unix
> > /tmp/ssh-XXXXXXXw5UyQ/agent.629
> > root sendmail 401 unix
> > /tmp/ssh-XXXXXXXw5UyQ/agent.629
> > root lxdm-greeter-gt 575 unix
> > /tmp/ssh-XXXXXXXw5UyQ/agent.629
> > root ssh-agent 630 unix
> > /tmp/ssh-XXXXXXXw5UyQ/agent.629
> > # fuser /tmp/ssh-XXXXXXXw5UyQ/agent.629
> > /tmp/ssh-XXXXXXXw5UyQ/agent.629: 630
> > #
> >
> > (the sockstat(1) output looks a bit off, though).
> >
> > I can see that you might want the option to restrict information
> > access that way, but I cannot quite see why you would want to make it
> > the default, and just return nothing (as in: lie) instead of flagging a
> > lack of permissions.
> >
> > HTH,
> > Hauke
> >
> > --
> > The ASCII Ribbon Campaign                Hauke Fath
> > ()  No HTML/RTF in email                 Institut für Nachrichtentechnik
> > /\  No Word docs in email                TU Darmstadt
> >     Respect for open standards           Ruf +49-6151-16-21344
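
The effect discussed in this thread can be reproduced without rebuilding ssh-agent. The following C program is an added example, not part of the original messages or of OpenSSH: it forks one ordinary child and one child that calls `prctl(PR_SET_DUMPABLE, 0)`, then checks from the parent (same user) who owns `/proc/<pid>` and whether `/proc/<pid>/fd`, the directory lsof and fuser walk on Linux, can be opened. The names `probe_child` and `struct probe` are hypothetical.

```c
#include <dirent.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

struct probe {
	int dumpable;    /* PR_GET_DUMPABLE as reported inside the child */
	long proc_uid;   /* owner of /proc/<pid>, -1 if stat() failed */
	int fd_listable; /* 1 if the parent could open /proc/<pid>/fd */
};

/* Hypothetical helper: fork a child, optionally harden it, probe it from outside. */
struct probe probe_child(int harden)
{
	struct probe r = { -1, -1, 0 };
	int pfd[2], flag;
	char path[64];
	struct stat st;
	DIR *d;
	pid_t pid;

	if (pipe(pfd) != 0 || (pid = fork()) < 0)
		return r;
	if (pid == 0) {                         /* child */
		if (harden)                     /* same call the quoted ssh-agent code makes */
			prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
		flag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
		if (write(pfd[1], &flag, sizeof(flag)) < 0)
			_exit(1);
		for (;;)
			pause();                /* stay alive until the parent is done */
	}
	close(pfd[1]);
	if (read(pfd[0], &r.dumpable, sizeof(r.dumpable)) != sizeof(r.dumpable))
		r.dumpable = -1;
	close(pfd[0]);
	snprintf(path, sizeof(path), "/proc/%ld", (long)pid);
	if (stat(path, &st) == 0)               /* undumpable tasks show up as root-owned */
		r.proc_uid = (long)st.st_uid;
	snprintf(path, sizeof(path), "/proc/%ld/fd", (long)pid);
	if ((d = opendir(path)) != NULL) {      /* fails with EACCES for a non-root caller */
		r.fd_listable = 1;
		closedir(d);
	}
	kill(pid, SIGKILL);
	waitpid(pid, NULL, 0);
	return r;
}

int main(void)
{
	struct probe b = probe_child(0), h = probe_child(1);
	printf("default:  dumpable=%d uid=%ld fd_listable=%d\n", b.dumpable, b.proc_uid, b.fd_listable);
	printf("hardened: dumpable=%d uid=%ld fd_listable=%d\n", h.dumpable, h.proc_uid, h.fd_listable);
	return 0;
}
```

Run as a non-root user, the hardened child's fd directory cannot be opened even though the same user started it; run as root, both are listable, matching the root output quoted above.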