git: 5775b8b39261 - stable/13 - ptrace(2): document policies affecting access to the facility
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 29 Jan 2022 01:11:15 UTC
The branch stable/13 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=5775b8b39261c1887fcaf41d74becf510ac24483 commit 5775b8b39261c1887fcaf41d74becf510ac24483 Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2022-01-21 23:26:23 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2022-01-29 01:10:45 +0000 ptrace(2): document policies affecting access to the facility (cherry picked from commit a393644ecbf05e27d613426cea524e1672aa339d) --- lib/libc/sys/ptrace.2 | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/lib/libc/sys/ptrace.2 b/lib/libc/sys/ptrace.2 index 43ec2b76bbfd..ef791d22e22c 100644 --- a/lib/libc/sys/ptrace.2 +++ b/lib/libc/sys/ptrace.2 @@ -2,7 +2,7 @@ .\" $NetBSD: ptrace.2,v 1.2 1995/02/27 12:35:37 cgd Exp $ .\" .\" This file is in the public domain. -.Dd May 20, 2021 +.Dd January 22, 2022 .Dt PTRACE 2 .Os .Sh NAME @@ -122,6 +122,55 @@ Kernel drops any signals queued to the traced children, which could be either generated by not yet consumed debug events, or sent by other means, the later should not be done anyway. +.Sh DISABLING PTRACE +The +.Nm +subsystem provides rich facilities to manipulate other processes state. +Sometimes it may be desirable to disallow it either completely, or limit +its scope. +The following controls are provided for this: +.Bl -tag -width security.bsd.unprivileged_proc_debug +.It Dv security.bsd.allow_ptrace +Setting this sysctl to zero value makes +.Xr ptrace 2 +return +.Er ENOSYS +always as if the syscall is not implemented by the kernel. +.It Dv security.bsd.unprivileged_proc_debug +Setting this sysctl to zero disallows use of +.Fn ptrace +by unprivileged processes. +.It Dv security.bsd.see_other_uids +Setting this sysctl to zero value disallows +.Fn ptrace +requests from targeting processes with the real user identifier different +from the real user identifier of the caller. +The requests return +.Er ESRCH +if policy is not met. +.It Dv security.bsd.see_other_gids +Setting this sysctl to zero value disallows +.Fn ptrace +requests from process belonging to a group that is not also one of +the group of the target process. +The requests return +.Er ESRCH +if policy is not met. +.It Dv securelevel and init +The +.Xr init 1 +process can only be traced with +.Nm +if securelevel is zero. +.It Dv procctl(2) PROC_TRACE_CTL +Process can deny attempts to trace itself with +.Xr procctl 2 +.Dv PROC_TRACE_CTL +request. +In this case requests return +.Xr EPERM +error. +.El .Sh TRACING EVENTS .Pp Each traced process has a tracing event mask.