Re: [patch] prctl.2: PR_SET_DUMPABLE makes process non-ptrace-attachable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Paul!

On Fri, May 6, 2011 at 5:49 PM, Paul Pluzhnikov <ppluzhnikov@xxxxxxxxxx> wrote:
> Michael,
>
> We've recently discovered that GDB will fail to attach to any process that
> sets itself non-dumpable. Tested on kernel 2.6.32, with:
>
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/prctl.h>
> #include <unistd.h>
>
> int main(int argc, char *argv[])
> {
>  if (prctl(PR_SET_DUMPABLE, 0, 0, 0) != 0) {
>    perror("prctl");
>  }
>  printf("Run gdb %s %d\n", argv[0], getpid());
>  sleep(20);
>  abort();
> }
>
>
> ./a.out
> Run gdb ./a.out 30476
>
>
> gdb -q  ./a.out 30476
> Reading symbols from /tmp/a.out...done.
> Attaching to program: /tmp/a.out, process 30476
> ptrace: Operation not permitted.
> /tmp/30476: No such file or directory.
>
>
>
> Attached patch (against current git trunk) documents this behavior.

Thanks. Applied for man-pages-3.34.

Cheers,

Michael


> diff --git a/man2/prctl.2 b/man2/prctl.2
> index bb455fa..b469071 100644
> --- a/man2/prctl.2
> +++ b/man2/prctl.2
> @@ -60,7 +60,7 @@ is called with a first argument describing what to do
>  arguments with a significance depending on the first one.
>  The first argument can be:
>  .TP
> -.BR PR_CAPBSET_READ " (since Linux 2.6.25)
> +.BR PR_CAPBSET_READ " (since Linux 2.6.25)"
>  Return (as the function result) 1 if the capability specified in
>  .I arg2
>  is in the calling thread's capability bounding set,
> @@ -120,6 +120,9 @@ for security reasons, this feature has been removed.
>  .I /proc/sys/fs/suid_dumpable
>  in
>  .BR proc (5).)
> +Processes that are not dumpable can not be attached via
> +.BR ptrace(2)
> +.BR PTRACE_ATTACH "."
>  .TP
>  .BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
>  Return (as the function result) the current state of the calling
>



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Author of "The Linux Programming Interface"; http://man7.org/tlpi/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux