Disabling ptrace

Robert Watson rwatson at FreeBSD.org
Sat Jan 3 17:51:03 UTC 2015


On 3 Jan 2015, at 14:25, Konstantin Belousov <kostikbel at gmail.com> wrote:
> 
>> In general, we had always planned to allow auditing of far more asynchronous events than we currently do – e.g., firewall events triggered asynchronously by system-call behaviour. We also had loose plans to allow auditing of NFS-originated RPCs, although those are arguably fairly synchronous and not so dissimilar to system calls in various ways.
> 
> Isn't allowing a process to exempt itself from auditing a real security bug?

Oh, definitely. This was an example, however, of more asynchronous tracing types and events, where having access to the ‘tracing disabled’ state of the originating process might prove important. For example, if we extended ktrace to support tracing some of the same sorts of asynchronous events, where full process context isn’t available, but the events can be cleanly tied back to the initiating process via a saved credential.

>> I’m OK with putting the flag on the process, but frequently the process credential is where we stick security-related subject/object flags...
> 
> Should I interpret the statement as agreement, in principle, with the patch?


As long as it is clearly and carefully documented in the man page that this is a non-security feature, I’m alright with it being brought in. We might want to think about how tools such as DTrace, etc, should report tracing failures when the flag is set.

Robert

