Am Tue, Dec 15, 2020 at 06:01:25PM +0100 schrieb Alejandro Colomar (man-pages): > Hi, > > There's a bug report: https://bugzilla.kernel.org/show_bug.cgi?id=210655 > > [[ > Under "Ptrace access mode checking", the documentation states: > "1. If the calling thread and the target thread are in the same thread > group, access is always allowed." > > This is incorrect. A thread may never attach to another in the same group. No, that is correct. ptrace-mode access checks do always short-circuit for tasks in the same thread group: /* Returns 0 on success, -errno on denial. */ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) { [...] /* May we inspect the given task? * This check is used both for attaching with ptrace * and for allowing access to sensitive information in /proc. * * ptrace_attach denies several cases that /proc allows * because setting up the necessary parent/child relationship * or halting the specified task is impossible. */ /* Don't let security modules deny introspection */ if (same_thread_group(task, current)) return 0; [...] } As the comment explains, you can't actually *attach* to another task in the same thread group; but that's not because of the ptrace-style access check rules, but because specifically *attaching* to another task in the same thread group doesn't work.
