Re: Preventing ptrace()

From: David Wagner (dawat_private)
Date: Mon Jan 13 2003 - 12:20:44 PST

  • Next message: David Wheeler: "Re: Writing Secure code"

    Steffen Dettmer  wrote:
    >* Glynn Clements wrote on Fri, Jan 10, 2003 at 20:32 +0000:
    >> In 2.4.20, the actual permission checks for ptrace() are (from
    >> kernel/ptrace.c):
    >> 
    >> 	if (!task->mm->dumpable && !capable(CAP_SYS_PTRACE))
    >> 		goto bad;
    >
    >This is really "&&"? I had guessed, that if there is no
    >CAP_SYS_PTRACE, there is no ptrace allowed at all, and same
    >sounds logical for the "dumpable". What I'm missing?
    
    You've got it backwards, I believe.  If you've got CAP_SYS_PTRACE,
    you can ptrace() anything.  If you don't have it, you're subject to
    the normal permission controls.  CAP_SYS_PTRACE is a DAC override.
    Normally you don't have CAP_SYS_PTRACE, unless you're running as the
    superuser (euid=0).
    



    This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 15:52:17 PST