change coming with maverick's 2.6.34-5 kernels
Evan Broder
broder at MIT.EDU
Mon May 31 13:42:58 BST 2010
On Mon, May 31, 2010 at 1:03 AM, Kees Cook <kees at ubuntu.com> wrote:
> a) Using "strace -p PID" and gdb's "attach" command will NOT work
> unless you are the root user (i.e. use "sudo strace -p PID ...")
> Running stuff with "strace" and "gdb" directly will work normally.
I'm really, really struggling with this. I guess that I can see and
understand the motivation for the change, but I expect this to
completely and totally throw developers for a loop, which bothers me
because I am one, and because most of my users here at school are as
well.
I would strongly favor adding aggressive feedback directly to
applications that use ptrace. Can we patch strace and gdb to each
check when they get an EPERM, and if the process they're attaching to
has the same UID, print out a message pointing users at the sysctl?
That way, at least if we have to break something that used to work, we
can put the fix in the same place as the breakage.
- Evan
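
The check proposed in the message above, as an added example (not code from strace, gdb, or the original post): after an attach fails, compare the target's real UID with the caller's and, on EPERM with matching UIDs, point the user at the sysctl. The function names are hypothetical, and the sysctl path is an assumption (the Yama file on current kernels), since the post does not name it.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: Yama's sysctl file on current kernels; the post does not name it. */
#define PTRACE_SCOPE_PATH "/proc/sys/kernel/yama/ptrace_scope"

/* Extract the real UID from a "Uid:" line of /proc/<pid>/status. */
int parse_uid_line(const char *line, uid_t *uid)
{
    unsigned int real;
    if (sscanf(line, "Uid: %u", &real) != 1)
        return -1;
    *uid = (uid_t)real;
    return 0;
}

/* Real UID of a running process, or -1 if its status file is unreadable. */
int target_uid(pid_t pid, uid_t *uid)
{
    char path[64], line[256];
    int rc = -1;
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        rc = parse_uid_line(line, uid);
    fclose(f);
    return rc;
}

/* The check from the post: EPERM on a target owned by the same user. */
int should_hint(int err, uid_t self, uid_t target)
{
    return err == EPERM && self == target;
}

/* Hypothetical hook a tracer calls after attach fails; returns 1 if it hinted. */
int report_attach_failure(pid_t pid, int err)
{
    uid_t t;
    if (target_uid(pid, &t) != 0 || !should_hint(err, getuid(), t))
        return 0;
    fprintf(stderr, "Attaching to your own process %ld was denied; "
            "see the sysctl at %s\n", (long)pid, PTRACE_SCOPE_PATH);
    return 1;
}
```

A tracer would call `report_attach_failure(pid, errno)` immediately after its attach call fails, before anything else can overwrite `errno`.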