change coming with maverick's 2.6.34-5 kernels

John McCabe-Dansted gmatht at
Mon Jun 21 13:14:46 BST 2010

On Mon, May 31, 2010 at 1:03 PM, Kees Cook <kees at> wrote:
>  a) Using "strace -p PID" and gdb's "attach" command will NOT work
>    unless you are the root user (i.e. use "sudo strace -p PID ...")
>    Running stuff with "strace" and "gdb" directly will work normally.
>  a) /proc/sys/kernel/ptrace_scope: "0" allows original ptrace behavior
> I expect that the PTRACE changes will cause the greatest surprise.  Since
> PTRACE is rarely needed by normal users, this change makes sense for the

I imagine that this will break software that does something like

onAssert() {
   echo bt | gdb -q $0 getpid()
   Alert ("Please report this backtrace", "Continue?") || die

Am I correct, if so what preferred technique should we replace this with?

The best simple solution I can see is something like

if (child_pid=fork()) {
   //process core file here
} else {

However this doesn't seem as nice, we have to unblock core dumps using
ulimit, we have to actually have to have space for the core dumps.
Also we have to assume that the core file generated matches "core*"
which theoretically may not be the case. If this is the best we can do
it is probably still better than automatically setting setting system
wide security configurations such as  ``/proc/sys/kernel/ptrace_scope:
"0"'' in the installer.

John C. McCabe-Dansted

More information about the ubuntu-devel mailing list