Re: 2.4+ptrace exploit fix breaks root's ability to strace

Russell King (rmk@arm.linux.org.uk)
Sat, 22 Mar 2003 14:10:06 +0000

On Sat, Mar 22, 2003 at 02:58:51PM +0000, Alan Cox wrote:
> On Sat, 2003-03-22 at 10:31, Russell King wrote:
> > Are the authors of the ptrace patch aware that, in addition to closing the
> > hole, the "fix" also prevents a ptrace-capable task (eg, strace started by
> > root) from ptracing user threads?
> >
> > For example, you can't strace vsftpd processes started from xinetd.
> >
> > Is this intended behaviour?
>
> Its an unintended side effect, nobody has sent a patch to fix it yet.

How about this fix? PT_PTRACE_CAP is set when we attach to a process
and the process doing the attaching has the ptrace capability.

Note that this patch is against the 2.4.19 version of ptrace.c with the
2.4.20 ptrace patch applied.

--- orig/kernel/ptrace.c Wed Mar 19 15:54:45 2003
+++ linux/kernel/ptrace.c Sat Mar 22 10:14:01 2003
@@ -22,7 +22,7 @@
int ptrace_check_attach(struct task_struct *child, int kill)
{
mb();
- if (!is_dumpable(child))
+ if (!is_dumpable(child) && !(child->ptrace & PT_PTRACE_CAP))
return -EPERM;

if (!(child->ptrace & PT_PTRACED))
@@ -140,7 +140,7 @@
/* Worry about races with exit() */
task_lock(tsk);
mm = tsk->mm;
- if (!is_dumpable(tsk) || (&init_mm == mm))
+ if ((!is_dumpable(tsk) || (&init_mm == mm)) && !(tsk->ptrace & PT_PTRACE_CAP))
mm = NULL;
if (mm)
atomic_inc(&mm->mm_users);

-- 
Russell King (rmk@arm.linux.org.uk)                The developer of ARM Linux
             http://www.arm.linux.org.uk/personal/aboutme.html


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/