On 27/04/16 07:22, Elmar Stellnberger wrote: [...]
It says "operation not permitted" here when trying to ptrace firefox which was launched just normally as always as user elm. Nonetheless it was possible to backtrace the hanging frifeox-instance as user root as you can see in the P.S.-section. There are two things which I would like to say about it: * Firefox did apparently not only crash but acquire root privileges by doing so; otherwise it would not have needed user root to backtrace firefox (there is no SELinux, Apparmor or anything else running here; it is a plain Arch-installation)
I believe it's standard (for security reasons) in recent kernels to require root to trace any process that isn't a direct child of the tracer, even if the process is owned by the same user. This has been true for me on Arch Linux as well as Ubuntu. It doesn't necessarily mean Firefox gained root privileges. Try it on any other running user process, and you'll probably get the same behavior.
I believe there's a knob (/proc/sys/kernel/yama/ptrace_scope) that controls this restriction.
-- Travis Evans
