This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



Re: [suspend] [patch 3/3] attach-fail-reasons: SELinux deny_ptrace


On 03/08/2012 04:43 PM, Tom Tromey wrote:

> I wonder whether ptrace-hardening approaches other than SELinux still
> have restrictions on PTRACE_TRACEME.  If so then you may want a similar
> patch anyhow.


AFAIK, yama (ubuntu) only protects PTRACE_ATTACH.

From <https://wiki.ubuntu.com/Security/Features#ptrace>:

"ptrace scope

A troubling weakness of the Linux process interfaces is that a single user is able to examine the
memory and running state of any of their processes. For example, if one application was compromised,
it would be possible for an attacker to attach to other running processes (e.g. SSH sessions,
GPG agent, etc) to extract additional credentials and continue to immediately expand the scope
of their attack without resorting to user-assisted phishing or trojans.

In Ubuntu 10.10 and later, users cannot ptrace processes that are not a descendant of
the debugger. The behavior is controllable through
the /proc/sys/kernel/yama/ptrace_scope sysctl, available via Yama.

In the case of automatic crash handlers, a crashing process can specifically allow an existing
crash handler process to attach on a process-by-process basis
using prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0)."

-- 
Pedro Alves
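As an added example (not code from this thread or from GDB), a small C program showing the opt-in the quoted wiki text describes: it reads the Yama ptrace_scope sysctl and, when the scope is 1, calls prctl(PR_SET_PTRACER) so that one specific process may attach. The function names are mine, the parent process is assumed to be the crash-handler supervisor, and the meanings of scope values 0 to 3 are taken from the kernel's Yama documentation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>
#ifndef PR_SET_PTRACER
#define PR_SET_PTRACER 0x59616d61 /* 'Yama'; older headers lack it */
#endif

/* Parse the text of /proc/sys/kernel/yama/ptrace_scope (e.g. "1\n").
 * Returns 0..3 on success, -1 on malformed input. */
int parse_ptrace_scope(const char *text) {
    char *end;
    long v = strtol(text, &end, 10);
    if (end == text) return -1;
    while (*end == '\n' || *end == ' ') end++;
    if (*end != '\0' || v < 0 || v > 3) return -1;
    return (int)v;
}

/* 0: classic, any same-uid process may attach.  1: only a descendant, or a
 * pid named via PR_SET_PTRACER.  2: only CAP_SYS_PTRACE.  3: no attach. */
int attach_to_nondescendant_allowed(int scope) { return scope == 0; }
int ptracer_optin_meaningful(int scope) { return scope == 1; }

/* Read the live sysctl; -1 if Yama is absent or the value is malformed. */
int read_ptrace_scope(void) {
    char buf[16] = {0};
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_ptrace_scope(buf);
}

/* Crash-handler style opt-in: let exactly debugger_pid attach to this process.
 * Returns 0 on success, -1 with errno set (EINVAL when Yama is not loaded). */
int allow_ptracer(pid_t debugger_pid) {
    return prctl(PR_SET_PTRACER, (unsigned long)debugger_pid, 0, 0, 0);
}

int main(void) {
    int scope = read_ptrace_scope();
    printf("ptrace_scope = %d\n", scope);
    /* Permit our parent (assumed here to be a crash-handler supervisor). */
    if (ptracer_optin_meaningful(scope) && allow_ptracer(getppid()) != 0)
        perror("prctl(PR_SET_PTRACER)");
    return 0;
}
```

The grant is per process and lasts for the lifetime of the calling process, so a crash handler only ever gains access to the processes that explicitly named it.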

