crash handlers and PTRACE in Ubuntu 10.10
kees.cook at canonical.com
Thu Jul 8 21:09:23 BST 2010
On Thu, Jun 24, 2010 at 11:34:33AM -0700, Kees Cook wrote:
> On Thu, Jun 24, 2010 at 01:15:37PM -0500, Serge E. Hallyn wrote:
> > Quoting Kees Cook (kees at ubuntu.com):
> > > 5) "declared PTRACEing"
> > > Recognize that the PTRACEing we want to allow is in very specific
> > > declared situations (i.e. the PID of the debugger is always known by
> > > the debugee, so have the debugee "declare" that it wishes to be
> > > debugged). This interface does not exist. It would require the
> > > creation of something like:
> > > ptrace(PTRACE_TRACEDBY, debugger_pid, NULL, NULL);
> > > This would be, at least for now, an Ubuntu-specific extension. For
> > > KDE applications, this is a trivial change, since the KDE crash
> > > handler stays in a while loop, calling sleep() until the debugger
> > > process quits. Chromium would likely need to pass the debugger pid
> > > back through the segfault handler in the sandbox -- I got lost reading
> > > the syscall emulation-through-seccomp, so maybe it's as easy as KDE's.
> > While ptrace(PTRACE_TRACEDBY) is more elegant, if you were to use a
> > new prctl option then your yama lsm could just handle that. Whereas
> > to have it handle PTRACE_TRACEDBY, I think you'd have to introduce a
> > new lsm hook.
> Okay, well, it'll be a bit of a Linux (and Yama) specific hack for the
> time-being, but I think this should be doable. I'll get something
> prepared for testing.
Okay, this is ready now, and should be testable with the -7 and later
prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0);
I've done this for KDE, and commented on the Chromium bug.
Ubuntu Security Team
More information about the ubuntu-devel