Disabling ptrace
Konstantin Belousov
kostikbel at gmail.com
Tue Dec 30 20:44:51 UTC 2014
On Tue, Dec 30, 2014 at 12:22:12PM -0800, Simon J. Gerraty wrote:
> Shawn Webb <lattera at gmail.com> wrote:
> > I'm curious what the use case was that brought this up. And why the requester
> > thinks it's actually useful.
>
> Being able to disable ptrace is useful - provided it cannot be bypassed.
> In Junos we leveraged the signed binary implementation (based on NetBSD's
> verified exec) to tag processes for which ptrace should fail. The
> signed binary stuff is also supposed to prevent games with LD_PRELOAD -
> assuming we didn't provide and sign the lib in question.
Look. If somebody can preload a library into the process, or arbitrarily
modify the text segment, circumventing the ptrace(2) ban is the least worry.
The reference to the "Old New Thing" blog I posted before explains
that with fireworks, based on real 'security reports' sent to the
security team at MS.
>
> When we re-implemented veriexec as a MAC module, the above was left out,
> in anticipation of using a separate module (though perhaps still
> leveraging veriexec to set the labels).