[PATCH] ptrace: it is fun to strace /sbin/init

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Andrew Morton <akpm@...>

Cc: Eric W. Biederman <ebiederm@...>, Pavel Emelyanov <xemul@...>, Pavel Machek <pavel@...>, Stephen Smalley <sds@...>, Roland McGrath <roland@...>, <linux-kernel@...>

Subject: [PATCH] ptrace: it is fun to strace /sbin/init

Date: Sunday, March 23, 2008 - 9:51 am

(re-send with updated changelog)

Ptracing of /sbin/init is not allowed. Of course, this is dangerous, but may
be useful. Introduce the kernel boot parameter to allow this, so that we can't
surprise some special/secured systems.

Afaics, with the recent changes there is no kernel problems with ptracing init,
it can't lose SIGNAL_UNKILLABLE flag and be killed by accident. However, admin
should know what it does, "gdb /sbin/init 1" stops init, it can't reap zombies
or take care of /etc/inittab until continued. It is even possible to crash init
(and thus the whole system) if you wish, ptracer has full control.

The "if (pid == 1)" check in ptrace_get_task_struct() is killed, ptrace_attach
does the same check.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>

--- 25/kernel/ptrace.c~5_INIT_PTRACE	2008-03-16 17:22:04.000000000 +0300
+++ 25/kernel/ptrace.c	2008-03-16 18:33:02.000000000 +0300
@@ -160,6 +160,15 @@ int ptrace_may_attach(struct task_struct
 	return !err;
 }
 
+static int allow_ptrace_init;
+
+static int __init __allow_ptrace_init(char *str)
+{
+	allow_ptrace_init = 1;
+	return 1;
+}
+__setup("init_ptrace", __allow_ptrace_init);
+
 int ptrace_attach(struct task_struct *task)
 {
 	int retval;
@@ -168,7 +177,7 @@ int ptrace_attach(struct task_struct *ta
 	audit_ptrace(task);
 
 	retval = -EPERM;
-	if (task->pid <= 1)
+	if (unlikely(is_global_init(task)) && likely(!allow_ptrace_init))
 		goto out;
 	if (same_thread_group(task, current))
 		goto out;
@@ -518,12 +527,6 @@ struct task_struct *ptrace_get_task_stru
 {
 	struct task_struct *child;
 
-	/*
-	 * Tracing init is not allowed.
-	 */
-	if (pid == 1)
-		return ERR_PTR(-EPERM);
-
 	read_lock(&tasklist_lock);
 	child = find_task_by_vpid(pid);
 	if (child)
--- 25/Documentation/kernel-parameters.txt~5_INIT_PTRACE	2008-02-15 16:58:12.000000000 +0300
+++ 25/Documentation/kernel-parameters.txt	2008-03-16 18:30:28.000000000 +0300
@@ -803,6 +803,8 @@ and is between 256 and 4096 characters. 
 			Run specified binary instead of /sbin/init as init
 			process.
 
+	init_ptrace	[KNL] Allows to ptrace init.
+
 	initcall_debug	[KNL] Trace initcalls as they are executed.  Useful
 			for working out where the kernel is dying during
 			startup.

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Sun Mar 23, 9:51 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 6:29 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 6:56 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 7:08 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 6:00 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Roland McGrath, (Tue Mar 25, 6:00 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Tue Mar 25, 1:42 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:16 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:22 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Tue Mar 25, 10:47 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:56 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:30 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:35 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:58 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:29 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 12:01 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 12:40 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 6:39 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:04 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Stephen Smalley, (Tue Mar 25, 8:03 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Serge E. Hallyn, (Tue Mar 25, 9:40 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Stephen Smalley, (Tue Mar 25, 10:37 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Serge E. Hallyn, (Tue Mar 25, 2:06 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Emelyanov, (Wed Mar 26, 11:47 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Tue Mar 25, 5:55 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morgan, (Wed Mar 26, 11:31 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Herbert Poetzl, (Tue Mar 25, 3:07 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 7:09 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:18 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 7:26 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:38 pm)


linux-kernel:
Andrew Morton	Re: [PATCH 00/23] per device dirty throttling -v8
Mariusz Kozlowski	[PATCH 02] kmalloc + memset conversion to kzalloc
Andi Kleen	[PATCH x86] [3/16] Turn irq debugging options into module params
Shawn Bohrer	Re: x86: 4kstacks default
git:
Sean	Re: VCS comparison table
Eric Wong	Re: [RFC] Git config file reader in Perl (WIP)
free cycle	How to Import a bitkeeper repo into git
Petko Manolov	git and binary files
openbsd-misc:
Alex Thurlow	Router performance on OpenBSD and OpenBGPD
GVG GVG	ssh_exchange_identification: Connection closed by remote host
frantisek holop	nptd regression in 4.2
Richard Stallman	Real men don't attack straw men
linux-netdev:
Matthew Dharm	Re: [RFC] Patch to option HSO driver to the kernel
David Miller	Re: 2.6.25-rc8: FTP transfer errors
Indan Zupancic	Re: Realtek 8111C transmit timed out
Julius Volz	[PATCH RFC 02/24] IPVS: Add genetlink interface implementation


How to exec user process in kernel mode.	1 day ago	Linux kernel
[IPSEC]IPSEC_MANUAL_REQID_MAX	1 day ago	Linux kernel
help in UDP catching module..	2 days ago	Linux kernel
Is there anything like Real-time drivers?	4 days ago	Linux general
ns16550 serail console in Linux 2.6.19	4 days ago	Linux general
what class should i use to register my devices	4 days ago	Linux kernel
reset bios pasword toshiba	4 days ago	Hardware
Analysis of Process Scheduling	5 days ago	Linux kernel
RT Kernel and SSH Server Panics	5 days ago	Linux kernel
Resetting the bios password for Toshiba Laptop	5 days ago	Hardware

[PATCH] ptrace: it is fun to strace /sbin/init

Online users