From nobody Sat Jan 29 01:11:15 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D00D81990C8D; Sat, 29 Jan 2022 01:11:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Jlx9H5SzFz4kjj; Sat, 29 Jan 2022 01:11:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643418676; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VWZVv577+KFdYD8PHBpn1EX8x2mAOvgaZpoGeIdiw5I=; b=PxdVPJMLTuyLS2B6+I2txIwP5iEA3qaezLMuaF3B483eTigDDh1bTsbu2oHE+ZS2Ssd2PM Erdk9MLDgMhicqDfWqhoBitwOXRecUOTw5vGJVVtFW9eUww5FTS5HsawgjHuEi+LS3i/Z5 dczT9wBorlHgLbuXZIBt3bZdAzI4xXF5qXBVbcEVkkHJs5PffmkEhgN1onlt15d5zFThzj GKkVQpkz7zqVm6BR9GPneHxbHh58OODOcrU9ZTA1eLkrqPROyq0uwvhZTHZB4HW562RsiY 3MgthNBepKVZsyv9w+fSNaSoW6CoTPm0g+jWl544cc/gGVE2GaOsu2EyvK+Q0g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6B67347E4; Sat, 29 Jan 2022 01:11:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20T1BFIG039642; Sat, 29 Jan 2022 01:11:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20T1BFuN039629; Sat, 29 Jan 2022 01:11:15 GMT (envelope-from git) Date: Sat, 29 Jan 2022 01:11:15 GMT Message-Id: <202201290111.20T1BFuN039629@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 5775b8b39261 - stable/13 - ptrace(2): document policies affecting access to the facility List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 5775b8b39261c1887fcaf41d74becf510ac24483 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643418676; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VWZVv577+KFdYD8PHBpn1EX8x2mAOvgaZpoGeIdiw5I=; b=w4nbjwCkkTpP8d0NR/IrzXbka0XV8Dt9+WfK9aC3hUdLqobMHwj7GSq5xPQ3wWGkvXGC7j agD4aZ0yU+QR7sR2+wiS9181w22uxSUmunmTjVRWnuLOREaq8rPNt3zcyzus/hWUcSK55r qFpRXlN4MKCXs+iTabEJq2b3fuIJWGRxflb3RF9s5vm2s/aU8hYnUtXZZDNNz9wQE7Hq4s JV3C44UVGwty6ZAi1RmKEJVjLmVgZwQL32R35aJ1+aDnLPDcuMjaqLE9ODDo8BjL7h74BX Q5OPAHz3Yzou1tkylu7RSyf7rkLM1QZb9PX1YYw89e+teMC9gBlDyMpAYe3ynQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643418676; a=rsa-sha256; cv=none; b=Z/ICgp+CDfYOHP0KTWxN+PGgyBHpIt0huE4kpdig2U2DyxVFC0yJCamOKUkQaYvUqfWrmd gFuxs5jaPQGL7Zy6C7uGo0MvdZ9HzxOWEaEXzUi4wk5dj4Q2M+mzk6bbV8n7Hmmwhzfd0o jr2UOyoXiyRu/aPkq3YkH9D1sVtCsInzub8lvpWLi50z6B1Vkfsn0//1/mPcrq8RApympo q9q2up8B9I+SiIJeqG86kNTR6tg0kvxL+FsSbyhH7jqdOwG9nHZOXPrlsYSSduiJIeBXh5 wXqARLLGbqHUqtWVfXYAZtPrSAyQqgwNyBuMu1J7tZQNHCgfqnBKaFKSEHZ9dA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=5775b8b39261c1887fcaf41d74becf510ac24483 commit 5775b8b39261c1887fcaf41d74becf510ac24483 Author: Konstantin Belousov AuthorDate: 2022-01-21 23:26:23 +0000 Commit: Konstantin Belousov CommitDate: 2022-01-29 01:10:45 +0000 ptrace(2): document policies affecting access to the facility (cherry picked from commit a393644ecbf05e27d613426cea524e1672aa339d) --- lib/libc/sys/ptrace.2 | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/lib/libc/sys/ptrace.2 b/lib/libc/sys/ptrace.2 index 43ec2b76bbfd..ef791d22e22c 100644 --- a/lib/libc/sys/ptrace.2 +++ b/lib/libc/sys/ptrace.2 @@ -2,7 +2,7 @@ .\" $NetBSD: ptrace.2,v 1.2 1995/02/27 12:35:37 cgd Exp $ .\" .\" This file is in the public domain. -.Dd May 20, 2021 +.Dd January 22, 2022 .Dt PTRACE 2 .Os .Sh NAME @@ -122,6 +122,55 @@ Kernel drops any signals queued to the traced children, which could be either generated by not yet consumed debug events, or sent by other means, the later should not be done anyway. +.Sh DISABLING PTRACE +The +.Nm +subsystem provides rich facilities to manipulate other processes state. +Sometimes it may be desirable to disallow it either completely, or limit +its scope. +The following controls are provided for this: +.Bl -tag -width security.bsd.unprivileged_proc_debug +.It Dv security.bsd.allow_ptrace +Setting this sysctl to zero value makes +.Xr ptrace 2 +return +.Er ENOSYS +always as if the syscall is not implemented by the kernel. +.It Dv security.bsd.unprivileged_proc_debug +Setting this sysctl to zero disallows use of +.Fn ptrace +by unprivileged processes. +.It Dv security.bsd.see_other_uids +Setting this sysctl to zero value disallows +.Fn ptrace +requests from targeting processes with the real user identifier different +from the real user identifier of the caller. +The requests return +.Er ESRCH +if policy is not met. +.It Dv security.bsd.see_other_gids +Setting this sysctl to zero value disallows +.Fn ptrace +requests from process belonging to a group that is not also one of +the group of the target process. +The requests return +.Er ESRCH +if policy is not met. +.It Dv securelevel and init +The +.Xr init 1 +process can only be traced with +.Nm +if securelevel is zero. +.It Dv procctl(2) PROC_TRACE_CTL +Process can deny attempts to trace itself with +.Xr procctl 2 +.Dv PROC_TRACE_CTL +request. +In this case requests return +.Xr EPERM +error. +.El .Sh TRACING EVENTS .Pp Each traced process has a tracing event mask.