change coming with maverick's 2.6.34-5 kernels
John McCabe-Dansted
gmatht at gmail.com
Mon Jun 21 13:14:46 BST 2010
On Mon, May 31, 2010 at 1:03 PM, Kees Cook <kees at ubuntu.com> wrote:
> a) Using "strace -p PID" and gdb's "attach" command will NOT work
> unless you are the root user (i.e. use "sudo strace -p PID ...")
> Running stuff with "strace" and "gdb" directly will work normally.
...
> a) /proc/sys/kernel/ptrace_scope: "0" allows original ptrace behavior
...
> I expect that the PTRACE changes will cause the greatest surprise. Since
> PTRACE is rarely needed by normal users, this change makes sense for the
I imagine that this will break software that does something like
onAssert() {
echo bt | gdb -q $0 getpid()
Alert ("Please report this backtrace", "Continue?") || die
}
Am I correct, if so what preferred technique should we replace this with?
The best simple solution I can see is something like
if (child_pid=fork()) {
//parent
wait(child_pid,...);
//process core file here
} else {
abort();
}
However this doesn't seem as nice, we have to unblock core dumps using
ulimit, we have to actually have to have space for the core dumps.
Also we have to assume that the core file generated matches "core*"
which theoretically may not be the case. If this is the best we can do
it is probably still better than automatically setting setting system
wide security configurations such as ``/proc/sys/kernel/ptrace_scope:
"0"'' in the installer.
--
John C. McCabe-Dansted
More information about the ubuntu-devel
mailing list