From: Pedro Alves
To: Tom Tromey
CC: Jan Kratochvil, gdb-patches@sourceware.org
Date: Thu, 08 Mar 2012 16:51:00 -0000
Subject: Re: [suspend] [patch 3/3] attach-fail-reasons: SELinux deny_ptrace
Message-ID: <4F58E376.2000303@redhat.com>
In-Reply-To: <87d38nnivc.fsf@fleche.redhat.com>
References: <20120306061739.GC24004@host2.jankratochvil.net> <20120308065319.GA15742@host2.jankratochvil.net> <87d38nnivc.fsf@fleche.redhat.com>
X-SW-Source: 2012-03/txt/msg00274.txt.bz2

On 03/08/2012 04:43 PM, Tom Tromey wrote:
> I wonder whether ptrace-hardening approaches other than SELinux still
> have restrictions on PTRACE_TRACEME.  If so then you may want a similar
> patch anyhow.

AFAIK, yama (ubuntu) only protects PTRACE_ATTACH.

From :

"ptrace scope

A troubling weakness of the Linux process interfaces is that a single user is able to examine the memory and running state of any of their processes. For example, if one application was compromised, it would be possible for an attacker to attach to other running processes (e.g. SSH sessions, GPG agent, etc) to extract additional credentials and continue to immediately expand the scope of their attack without resorting to user-assisted phishing or trojans.

In Ubuntu 10.10 and later, users cannot ptrace processes that are not a descendant of the debugger. The behavior is controllable through the /proc/sys/kernel/yama/ptrace_scope sysctl, available via Yama.

In the case of automatic crash handlers, a crashing process can specifically allow an existing crash handler process to attach on a process-by-process basis using prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0)."

-- 
Pedro Alves
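An added example, not part of this thread or of the gdb patch under discussion, showing the Yama opt-in the quoted Ubuntu text describes. The program forks a "crash handler" and a "crashing" target as siblings, so under ptrace_scope=1 the handler is not an ancestor of the target and its first PTRACE_ATTACH is refused with EPERM; the target then calls prctl(PR_SET_PTRACER, handler_pid, 0, 0, 0) and the second attach succeeds. Under ptrace_scope=0 both attempts succeed. It assumes Linux; the PR_SET_PTRACER fallback value and the helper names (read_ptrace_scope, allow_ptracer, try_attach) are this example's own, not part of gdb or of Ubuntu's crash handler.

```c
/* Added example: Yama ptrace_scope opt-in via PR_SET_PTRACER.
 * Linux-only; the handler and target are siblings, not parent/child. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_PTRACER
#define PR_SET_PTRACER 0x59616d61   /* value from <linux/prctl.h> ("Yama") */
#endif

/* Returns the current ptrace_scope (0..3), or -1 when Yama is not present. */
int read_ptrace_scope(void)
{
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    int scope = -1;
    if (!f)
        return -1;
    if (fscanf(f, "%d", &scope) != 1)
        scope = -1;
    fclose(f);
    return scope;
}

/* Target side: allow exactly one process (the crash handler) to attach.
 * Returns 0 on success, -1 with errno set (EINVAL on kernels without Yama). */
int allow_ptracer(pid_t handler)
{
    return prctl(PR_SET_PTRACER, (unsigned long)handler, 0, 0, 0);
}

/* Handler side: attach, wait for the tracee to stop, detach again.
 * Returns 0 if the attach was permitted, -1 (errno set) otherwise. */
int try_attach(pid_t target)
{
    int status;
    if (ptrace(PTRACE_ATTACH, target, NULL, NULL) == -1)
        return -1;
    if (waitpid(target, &status, 0) == -1)   /* tracer may wait on its tracee */
        return -1;
    ptrace(PTRACE_DETACH, target, NULL, NULL);
    return 0;
}

int main(void)
{
    int to_handler[2];                       /* target pid -> handler */
    int go[2];                               /* "opted in" signal -> handler */
    pid_t handler, target;

    printf("ptrace_scope = %d\n", read_ptrace_scope());
    if (pipe(to_handler) == -1 || pipe(go) == -1) { perror("pipe"); return 1; }

    handler = fork();
    if (handler == 0) {
        /* crash handler: a sibling of the target, hence not its ancestor */
        pid_t t; char c;
        if (read(to_handler[0], &t, sizeof t) != (ssize_t)sizeof t) _exit(1);
        int before = try_attach(t);
        printf("before opt-in: attach %s (%s)\n", before ? "denied" : "allowed",
               before ? strerror(errno) : "ok");
        if (read(go[0], &c, 1) != 1) _exit(1);
        int after = try_attach(t);
        printf("after opt-in:  attach %s (%s)\n", after ? "denied" : "allowed",
               after ? strerror(errno) : "ok");
        kill(t, SIGTERM);
        _exit(0);
    }

    target = fork();
    if (target == 0) {
        /* crashing process: publish its pid, let the handler try once,
         * then opt in for that single handler pid only */
        pid_t me = getpid();
        if (write(to_handler[1], &me, sizeof me) != (ssize_t)sizeof me) _exit(1);
        usleep(200000);
        if (allow_ptracer(handler) == -1)
            perror("prctl(PR_SET_PTRACER)");
        if (write(go[1], "x", 1) != 1) _exit(1);
        for (;;) pause();
    }
    waitpid(handler, NULL, 0);
    waitpid(target, NULL, 0);
    return 0;
}
```

The opt-in is per process and names one pid, which is the point of the design the quoted text describes: a crash handler that is not an ancestor can still attach, while every other same-uid process remains refused by Yama.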