Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751299AbVIDIqI (ORCPT ); Sun, 4 Sep 2005 04:46:08 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751304AbVIDIqI (ORCPT ); Sun, 4 Sep 2005 04:46:08 -0400 Received: from willy.net1.nerim.net ([62.212.114.60]:26898 "EHLO willy.net1.nerim.net") by vger.kernel.org with ESMTP id S1751299AbVIDIqH (ORCPT ); Sun, 4 Sep 2005 04:46:07 -0400 Date: Sun, 4 Sep 2005 10:45:59 +0200 From: Willy Tarreau To: Andreas Hartmann Cc: linux-kernel@vger.kernel.org Subject: Re: forbid to strace a program Message-ID: <20050904084559.GC30279@alpha.home.local> References: <4IOGw-1DU-11@gated-at.bofh.it> <4IOGw-1DU-13@gated-at.bofh.it> <4IOGw-1DU-9@gated-at.bofh.it> <4IOQc-1Pk-23@gated-at.bofh.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.10i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1637 Lines: 36 Hi Andreas, On Sun, Sep 04, 2005 at 09:32:34AM +0200, Andreas Hartmann wrote: > > Can I ask why you want to hide the database password from root? > > It's easy: for security reasons. There could always be some bugs in some > software, which makes it possible for some other user, to gain root > privileges. Now, they could easily strace for information, they shouldn't > could do it. Then you're loosing your time. If the user gains root privileges, then he can do what he wants to get the password, including loading modules or scanning the memory. For instance, it happened to me several times that my browser crashed during a post with a very long message. Not funny at all. Then, as root, I started my hex editor and scaned all memory for words I was sure I wouldn't find anywhere else, and then I could restore my data by hand. Doing so to find a password is pretty easy too. And don't tell me that it's deleted very soon, because it's also possible to send lots of SIGSTOP/scan/SIGCONT very fast to try to catch the clear password. > The password they could see, isn't just used for the DB, but > for some other applications, too. That's the disadvantage of general > (single sign on) passwords. can't you use a specific password just for this app ? or use another server on which no user has access to relay your connections and insert the right password itself ? Regards, Willy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/