From nobody Sat Jan 22 17:37:26 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0CA31196CE86; Sat, 22 Jan 2022 17:37:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Jh3NQ3XpXz3tsQ; Sat, 22 Jan 2022 17:37:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642873046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RGjOK01w+5Raqi6AtM4C/3ua0qzfZ+hEM88j7R94K9I=; b=Ya6MHQaKzI4c5M/ZwG4BozXPJEEoOP+l6IgFFiofnYzSgzDH82FMm54jzoEDji/vWdY9k8 z09RE97+fOPwyPQZ8snpvrq0fFn8N1xEwSICjaI2AwpvDzkzSVuziE8wXUHwJ4nrBwww1t iHJk+iXjIIpd4uX1mOJNkmnCPnW54FYK8XcsBf4ietiVCBCJ8MNilmpkpNQPDzfWE7P8+E 7wjffNWeuE4KFjxJEnsPy0ovkzu4Z+u3LQQCNhCdQaB3wqt2DFJ9hNHTTLO2wW/uhDLA33 +5bVrlVxquqjWjhPJUVQJpFhOP8aYOXdyq562XnHK4M8OHEYP2D7hy9g9IrQLw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 43E621378F; Sat, 22 Jan 2022 17:37:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20MHbQW7040180; Sat, 22 Jan 2022 17:37:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20MHbQvb040179; Sat, 22 Jan 2022 17:37:26 GMT (envelope-from git) Date: Sat, 22 Jan 2022 17:37:26 GMT Message-Id: <202201221737.20MHbQvb040179@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: a393644ecbf0 - main - ptrace(2): document policies affecting access to the facility List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a393644ecbf05e27d613426cea524e1672aa339d Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642873046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RGjOK01w+5Raqi6AtM4C/3ua0qzfZ+hEM88j7R94K9I=; b=wAj01p7E05gmDRn7P1EdOGP5UtRAIUyXjDkz7HYA53xm5wgkfB2WguU/cU+Teg4QKp5C+c RmjHBA6eehjF3/1iVn+Nz+sz0TniPLkGw6xlHipg1CglC9Dz9HK4U4ZgKZ+QuooWUXp1C1 D0m+3Hm17cLl7zqXTSM1xuS9DFxK4j2N6de1Hs7G505O6J6mB9h7hq/1zHbkUT/fCOl8iN tVYGO8cIGmmnfO6lBoNPDCoBKdu8zan/DbFKqzKBLsM/3ZRIIW7TXgM88auvQQNJE8T00/ NEVWVF4YgJCD88ImcizLfYr/aiSkOJw4ycjPmPDCmZsDHEIdsCdwsPN//IBkng== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1642873046; a=rsa-sha256; cv=none; b=y4APGQS8RFJuK2q9dZypIn3J0rAoJtuhgTIh32/HCzMm0q5tvPL2NKhGrFUmn5Lh3l/PO9 I5OgXjB5AyAR0TW4Kqn/6WFZr9g3mKUimFeVB0ClGpbUQO8kfI+kFiCWt3PjJ+2qz7pBlP vrPQV0axRVEr4E55wx+cotmI7iY6ZB39UKfI8jGlXwZTQ5J/i6b4iLlYMF0p/0CG83YrvA trLhJlawn8l91YS0hBC5+gDBY/DLdTgPJDJungUz8CJQ6KbpQkEfJEQ87UILwSdsKXL8OF OmpvDUO7uBKd5aBFr/S1Laghm87Xa7AR3qjWbGrgaCewlbrFkwF0/lQyu793hg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=a393644ecbf05e27d613426cea524e1672aa339d commit a393644ecbf05e27d613426cea524e1672aa339d Author: Konstantin Belousov AuthorDate: 2022-01-21 23:26:23 +0000 Commit: Konstantin Belousov CommitDate: 2022-01-22 17:36:56 +0000 ptrace(2): document policies affecting access to the facility Reviewed by: emaste Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D33986 --- lib/libc/sys/ptrace.2 | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/lib/libc/sys/ptrace.2 b/lib/libc/sys/ptrace.2 index 504891597dab..a0ca0ddee75f 100644 --- a/lib/libc/sys/ptrace.2 +++ b/lib/libc/sys/ptrace.2 @@ -2,7 +2,7 @@ .\" $NetBSD: ptrace.2,v 1.2 1995/02/27 12:35:37 cgd Exp $ .\" .\" This file is in the public domain. -.Dd May 20, 2021 +.Dd January 22, 2022 .Dt PTRACE 2 .Os .Sh NAME @@ -122,6 +122,55 @@ Kernel drops any signals queued to the traced children, which could be either generated by not yet consumed debug events, or sent by other means, the later should not be done anyway. +.Sh DISABLING PTRACE +The +.Nm +subsystem provides rich facilities to manipulate other processes state. +Sometimes it may be desirable to disallow it either completely, or limit +its scope. +The following controls are provided for this: +.Bl -tag -width security.bsd.unprivileged_proc_debug +.It Dv security.bsd.allow_ptrace +Setting this sysctl to zero value makes +.Xr ptrace 2 +return +.Er ENOSYS +always as if the syscall is not implemented by the kernel. +.It Dv security.bsd.unprivileged_proc_debug +Setting this sysctl to zero disallows use of +.Fn ptrace +by unprivileged processes. +.It Dv security.bsd.see_other_uids +Setting this sysctl to zero value disallows +.Fn ptrace +requests from targeting processes with the real user identifier different +from the real user identifier of the caller. +The requests return +.Er ESRCH +if policy is not met. +.It Dv security.bsd.see_other_gids +Setting this sysctl to zero value disallows +.Fn ptrace +requests from process belonging to a group that is not also one of +the group of the target process. +The requests return +.Er ESRCH +if policy is not met. +.It Dv securelevel and init +The +.Xr init 1 +process can only be traced with +.Nm +if securelevel is zero. +.It Dv procctl(2) PROC_TRACE_CTL +Process can deny attempts to trace itself with +.Xr procctl 2 +.Dv PROC_TRACE_CTL +request. +In this case requests return +.Xr EPERM +error. +.El .Sh TRACING EVENTS .Pp Each traced process has a tracing event mask.