Re: [PATCH] ptrace: it is fun to strace /sbin/init

To: Oleg Nesterov <oleg@...>
Cc: Pavel Machek <pavel@...>, Andrew Morton <akpm@...>, Eric W. Biederman <ebiederm@...>, Pavel Emelyanov <xemul@...>, Roland McGrath <roland@...>, <linux-kernel@...>, Serge E. Hallyn <serue@...>, Chris Wright <chrisw@...>
Date: Tuesday, March 25, 2008 - 8:03 am

On Tue, 2008-03-25 at 02:04 +0300, Oleg Nesterov wrote:

Not an issue for SELinux (we apply an orthogonal check based on security
context, so we can already block ptrace of init independent of whether
root/CAP_SYS_PTRACE can do it).  I'm not sure though as to whether
people using capabilities have ever relied on this special protection of
init (e.g. custom init spawns children with lesser capabilities and
relies on the fact that they cannot ptrace init to effectively re-gain
those capabilities, even if they possess CAP_SYS_PTRACE).

-- 
Stephen Smalley
National Security Agency
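Added example, not part of the original message or of the patch under discussion: a small audit check for the case raised above, a task that runs with fewer capabilities than init yet still holds CAP_SYS_PTRACE. It compares the `CapPrm` masks from `/proc/<pid>/status`; the sample status text, the process names and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_PTRACE 19 /* bit number from <linux/capability.h> */

enum verdict { PARSE_ERROR = -1, NO_PTRACE_CAP, NOT_REDUCED, REDUCED_WITH_PTRACE };

/* Constructed /proc/<pid>/status excerpts (sample data, not from a real host). */
static const char SAMPLE_INIT[] = "Name:\tinit\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n";
static const char SAMPLE_CHILD_PTRACE[] = "Name:\tworker\nCapPrm:\t0000000000080000\nCapEff:\t0000000000080000\n";
static const char SAMPLE_CHILD_NET[] = "Name:\thttpd\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";

/* Find "<field>:" at the start of a line and parse the hex mask after it. */
static int read_mask(const char *status, const char *field, uint64_t *out)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            char *end;
            *out = strtoull(p + n + 1, &end, 16);
            return end == p + n + 1 ? -1 : 0; /* -1 if no hex digits followed */
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Compare a task's permitted capability set (CapPrm) with init's. */
static enum verdict classify(const char *init_status, const char *task_status)
{
    uint64_t init_caps, task_caps;
    if (read_mask(init_status, "CapPrm", &init_caps) || read_mask(task_status, "CapPrm", &task_caps))
        return PARSE_ERROR;
    if (!(task_caps & (1ULL << CAP_SYS_PTRACE)))
        return NO_PTRACE_CAP;
    /* Holds CAP_SYS_PTRACE but lacks capabilities init has: the case the message describes. */
    return (init_caps & ~task_caps) ? REDUCED_WITH_PTRACE : NOT_REDUCED;
}

int main(void)
{
    printf("worker: %d\n", classify(SAMPLE_INIT, SAMPLE_CHILD_PTRACE));
    printf("httpd:  %d\n", classify(SAMPLE_INIT, SAMPLE_CHILD_NET));
    return 0;
}
```

The check looks only at capability masks; an LSM policy such as the SELinux check mentioned in the message is a separate layer that this output does not reflect.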
