git: a393644ecbf0 - main - ptrace(2): document policies affecting access to the facility

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Sat, 22 Jan 2022 17:37:26 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=a393644ecbf05e27d613426cea524e1672aa339d

commit a393644ecbf05e27d613426cea524e1672aa339d
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2022-01-21 23:26:23 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2022-01-22 17:36:56 +0000

    ptrace(2): document policies affecting access to the facility
    
    Reviewed by:    emaste
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D33986
---
 lib/libc/sys/ptrace.2 | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)

diff --git a/lib/libc/sys/ptrace.2 b/lib/libc/sys/ptrace.2
index 504891597dab..a0ca0ddee75f 100644
--- a/lib/libc/sys/ptrace.2
+++ b/lib/libc/sys/ptrace.2
@@ -2,7 +2,7 @@
 .\"	$NetBSD: ptrace.2,v 1.2 1995/02/27 12:35:37 cgd Exp $
 .\"
 .\" This file is in the public domain.
-.Dd May 20, 2021
+.Dd January 22, 2022
 .Dt PTRACE 2
 .Os
 .Sh NAME
@@ -122,6 +122,55 @@ Kernel drops any
 signals queued to the traced children, which could be either generated by
 not yet consumed debug events, or sent by other means, the later should
 not be done anyway.
+.Sh DISABLING PTRACE
+The
+.Nm
+subsystem provides rich facilities to manipulate other processes state.
+Sometimes it may be desirable to disallow it either completely, or limit
+its scope.
+The following controls are provided for this:
+.Bl -tag -width security.bsd.unprivileged_proc_debug
+.It Dv security.bsd.allow_ptrace
+Setting this sysctl to zero value makes
+.Xr ptrace 2
+return
+.Er ENOSYS
+always as if the syscall is not implemented by the kernel.
+.It Dv security.bsd.unprivileged_proc_debug
+Setting this sysctl to zero disallows use of
+.Fn ptrace
+by unprivileged processes.
+.It Dv security.bsd.see_other_uids
+Setting this sysctl to zero value disallows
+.Fn ptrace
+requests from targeting processes with the real user identifier different
+from the real user identifier of the caller.
+The requests return
+.Er ESRCH
+if policy is not met.
+.It Dv security.bsd.see_other_gids
+Setting this sysctl to zero value disallows
+.Fn ptrace
+requests from process belonging to a group that is not also one of
+the group of the target process.
+The requests return
+.Er ESRCH
+if policy is not met.
+.It Dv securelevel and init
+The
+.Xr init 1
+process can only be traced with
+.Nm
+if securelevel is zero.
+.It Dv procctl(2) PROC_TRACE_CTL
+Process can deny attempts to trace itself with
+.Xr procctl 2
+.Dv PROC_TRACE_CTL
+request.
+In this case requests return
+.Xr EPERM
+error.
+.El
 .Sh TRACING EVENTS
 .Pp
 Each traced process has a tracing event mask.
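Review bot: in the PROC_TRACE_CTL item, `.Xr EPERM` should be `.Er EPERM`; `.Xr` is the cross-reference macro for other manual pages, while the errno values elsewhere in this hunk (`.Er ENOSYS`, `.Er ESRCH`) correctly use `.Er`, so this one will render as a bogus page reference instead of an error name. Two smaller points: the labels `.It Dv securelevel and init` and `.It Dv procctl(2) PROC_TRACE_CTL` are not defined values, so a plain `.It` label (keeping `.Xr procctl 2` and `.Dv PROC_TRACE_CTL` in the item body, as the text already does) would be more consistent with the sysctl items above; and the prose needs "manipulate other processes' state" and, in the see_other_gids item, "requests from processes belonging to a group" rather than "from process belonging to a group".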