Kees Cook <keescook@xxxxxxxxxxxx> writes: > On Tue, Jun 21, 2016 at 12:55 PM, Eric W. Biederman > <ebiederm@xxxxxxxxxxxx> wrote: > >> "Michael Kerrisk (man-pages)" <mtk.manpages@xxxxxxxxx> writes: >> >>> The algorithm employed for ptrace access mode checking deter‐ >>> mines whether the calling process is allowed to perform the >>> corresponding action on the target process, as follows: >>> >>> 1. If the calling thread and the target thread are in the same >>> thread group, access is always allowed. >> >> This test only exsits because the LSMs historically and I suspect >> continue to be broken and deny a process the ability to ptrace itself. > > Well, it's not that the LSMs are broken, it's that self-inspection is > a short-circuited "allow". The LSMs aren't involved. Long ago and far away. I modified /proc/self/something to use the same permissions as ptrace. This broken everyone's selinux setups. So the short circuit was added. Or in short the LSMs aren't involved because they got it wrong. If the selinux breakage was not in the selinux rules that are loaded from userspace but in the kernel module that short circuit check would have been confined to selinux. I have had an occasional thought and the occassional discussion about removing that check and just fixing the LSMs but at this point I don't think anyone cares enough to make that change. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
