This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [suspend] [patch 3/3] attach-fail-reasons: SELinux deny_ptrace


>>>>> "Jan" == Jan Kratochvil <jan.kratochvil@redhat.com> writes:

Jan> On Tue, 06 Mar 2012 07:17:39 +0100, Jan Kratochvil wrote:
>> and here is the last bit for new SELinux 'deny_ptrace':
>> https://bugzilla.redhat.com/show_bug.cgi?id=786878

Jan> FYI going to keep this patch off-trunk for a while as 'deny_ptrace' is not
Jan> going to restrict PTRACE_TRACEME.  Therefore the GDB patch no longer has to
Jan> protect against failing PTRACE_TRACEME.  This does simplify the GDB patch.

Jan> I will wait till the SELinux kernel 'deny_ptrace' restrictions settle down.

I wonder whether ptrace-hardening approaches other than SELinux still
have restrictions on PTRACE_TRACEME.  If so then you may want a similar
patch anyhow.

Tom


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]