Re: Why can't I ptrace init (pid == 1) ?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Miquel van Smoorenburg: "Re: Why can't I ptrace init (pid == 1) ?"
• Previous message: Andi Kleen: "Re: Should VLANs be devices or something else?"
• Maybe in reply to: richard offer: "Why can't I ptrace init (pid == 1) ?"
• Next in thread: Miquel van Smoorenburg: "Re: Why can't I ptrace init (pid == 1) ?"

I don't know why they did it, but ptracing init is definitely a added
security risk. If an intruder can't take over init, then a smart
init can fight back. Of course most inits aren't that smart, but
at least they can log problems and such. The intruder can't prevent
that because init cannot be killed except by booting (which is
noticeable),
and it cannot be taken over with ptrace. ptrace could otherwise
be used to make init exec some other init that doesn't do the
logging.

If you want to debug the init software, consider running it
as a normal processs (not PID 1). If that is impossible , e.g.
you need a real-life setup, do remove the above test temporarily
and make an init-debug kernel for this purpose.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Miquel van Smoorenburg: "Re: Why can't I ptrace init (pid == 1) ?"
• Previous message: Andi Kleen: "Re: Should VLANs be devices or something else?"
• Maybe in reply to: richard offer: "Why can't I ptrace init (pid == 1) ?"
• Next in thread: Miquel van Smoorenburg: "Re: Why can't I ptrace init (pid == 1) ?"