Home » Mailing list archives » linux-kernel » 2008 » March » 23

[PATCH] ptrace: it is fun to strace /sbin/init

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Oleg Nesterov <oleg@...>
To: Andrew Morton <akpm@...>
Cc: Eric W. Biederman <ebiederm@...>, Pavel Emelyanov <xemul@...>, Pavel Machek <pavel@...>, Stephen Smalley <sds@...>, Roland McGrath <roland@...>, <linux-kernel@...>
Subject: [PATCH] ptrace: it is fun to strace /sbin/init
Date: Sunday, March 23, 2008 - 9:51 am

(re-send with updated changelog)

Ptracing of /sbin/init is not allowed. Of course, this is dangerous, but may
be useful. Introduce the kernel boot parameter to allow this, so that we can't
surprise some special/secured systems.

Afaics, with the recent changes there is no kernel problems with ptracing init,
it can't lose SIGNAL_UNKILLABLE flag and be killed by accident. However, admin
should know what it does, "gdb /sbin/init 1" stops init, it can't reap zombies
or take care of /etc/inittab until continued. It is even possible to crash init
(and thus the whole system) if you wish, ptracer has full control.

The "if (pid == 1)" check in ptrace_get_task_struct() is killed, ptrace_attach
does the same check.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>

--- 25/kernel/ptrace.c~5_INIT_PTRACE	2008-03-16 17:22:04.000000000 +0300
+++ 25/kernel/ptrace.c	2008-03-16 18:33:02.000000000 +0300
@@ -160,6 +160,15 @@ int ptrace_may_attach(struct task_struct
 	return !err;
 }
 
+static int allow_ptrace_init;
+
+static int __init __allow_ptrace_init(char *str)
+{
+	allow_ptrace_init = 1;
+	return 1;
+}
+__setup("init_ptrace", __allow_ptrace_init);
+
 int ptrace_attach(struct task_struct *task)
 {
 	int retval;
@@ -168,7 +177,7 @@ int ptrace_attach(struct task_struct *ta
 	audit_ptrace(task);
 
 	retval = -EPERM;
-	if (task->pid <= 1)
+	if (unlikely(is_global_init(task)) && likely(!allow_ptrace_init))
 		goto out;
 	if (same_thread_group(task, current))
 		goto out;
@@ -518,12 +527,6 @@ struct task_struct *ptrace_get_task_stru
 {
 	struct task_struct *child;
 
-	/*
-	 * Tracing init is not allowed.
-	 */
-	if (pid == 1)
-		return ERR_PTR(-EPERM);
-
 	read_lock(&tasklist_lock);
 	child = find_task_by_vpid(pid);
 	if (child)
--- 25/Documentation/kernel-parameters.txt~5_INIT_PTRACE	2008-02-15 16:58:12.000000000 +0300
+++ 25/Documentation/kernel-parameters.txt	2008-03-16 18:30:28.000000000 +0300
@@ -803,6 +803,8 @@ and is between 256 and 4096 characters. 
 			Run specified binary instead of /sbin/init as init
 			process.
 
+	init_ptrace	[KNL] Allows to ptrace init.
+
 	initcall_debug	[KNL] Trace initcalls as they are executed.  Useful
 			for working out where the kernel is dying during
 			startup.

--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Sun Mar 23, 9:51 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 6:29 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 6:56 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 7:08 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 6:00 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Roland McGrath, (Tue Mar 25, 6:00 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Tue Mar 25, 1:42 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:16 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:22 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Tue Mar 25, 10:47 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:56 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:30 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:35 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:58 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:29 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 12:01 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 12:40 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 6:39 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:04 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Stephen Smalley, (Tue Mar 25, 8:03 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Serge E. Hallyn, (Tue Mar 25, 9:40 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Stephen Smalley, (Tue Mar 25, 10:37 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Serge E. Hallyn, (Tue Mar 25, 2:06 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Emelyanov, (Wed Mar 26, 11:47 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Tue Mar 25, 5:55 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morgan, (Wed Mar 26, 11:31 am)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Herbert Poetzl, (Tue Mar 25, 3:07 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 7:09 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:18 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 7:26 pm)
Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:38 pm)