Re: Why can't I ptrace init (pid == 1) ?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: miquels@cistron-office.nl (Miquel van Smoorenburg)
To: linux-kernel@vger.kernel.org
Subject: Re: Why can't I ptrace init (pid == 1) ?
Date: Wed, 20 Jun 2001 08:45:18 +0000 (UTC)	[thread overview]
Message-ID: <9gpnqu$8lv$2@ncc1701.cistron.net> (raw)
In-Reply-To: <102490000.992966603@changeling.engr.sgi.com> <3B3060C0.B2D368C@idb.hist.no>

In article <3B3060C0.B2D368C@idb.hist.no>,
Helge Hafting  <helgehaf@idb.hist.no> wrote:
>richard offer wrote:
>> 
>> In arch/i386/kernel/ptrace.c there is the following code ...
>> 
>>         ret = -EPERM;
>>         if (pid == 1)           /* you may not mess with init */
>>                 goto out_tsk;
>> 
>> What is the rationale for this ? Is this a real security decision or
>> an implementation detail (bad things will happen).
>
>I don't know why they did it, but ptracing init is definitely a added
>security risk.  If an intruder can't take over init, then a smart
>init can fight back.  Of course most inits aren't that smart, but
>at least they can log problems and such.  The intruder can't prevent
>that because init cannot be killed except by booting (which is
>noticeable),
>and it cannot be taken over with ptrace.  ptrace could otherwise
>be used to make init exec some other init that doesn't do the
>logging.  

You can exec another init anyway. Call 'telinit u' and init will
re-exec itself, so that's not tne reason.

The reason right now is I think that ptrace mucks around with
sibling relations and since init is a special 'father of all
processes' (or is that mother?) that would get the system into
trouble real soon.

Mike.

next prev parent reply	other threads:[~2001-06-20  8:45 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-06-19 16:03 Why can't I ptrace init (pid == 1) ? richard offer
2001-06-20  8:37 ` Helge Hafting
2001-06-20  8:45   ` Miquel van Smoorenburg [this message]
2001-08-06 22:05     ` Mike Coleman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='9gpnqu$8lv$2@ncc1701.cistron.net' \
    --to=miquels@cistron-office.nl \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.