From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Thu, 17 Nov 2016 22:32:59 +0100 From: Willy Tarreau To: Kees Cook Cc: "Eric W. Biederman" , Linux Containers , Oleg Nesterov , "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , Linux FS Devel , Michal Hocko , Jann Horn , Andy Lutomirski Subject: Re: [REVIEW][PATCH 2/3] exec: Don't allow ptracing an exec of an unreadable file Message-ID: <20161117213258.GA10839@1wt.eu> References: <20161019172917.GE1210@laptop.thejh.net> <87pomwi5p2.fsf@xmission.com> <87pomwghda.fsf@xmission.com> <87twb6avk8.fsf_-_@xmission.com> <87inrmavax.fsf_-_@xmission.com> <20161117204707.GB10421@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: owner-linux-mm@kvack.org List-ID: On Thu, Nov 17, 2016 at 01:07:33PM -0800, Kees Cook wrote: > I'm not opposed to a sysctl for this. Regardless, I think we need to > embrace this idea now, though, since we'll soon end up with > architectures that enforce executable-only memory, in which case > ptrace will again fail. Almost better to get started here and then not > have more surprises later. Also that makes me realize that by far the largest use case of ptrace is strace and that strace needs very little capabilities. I guess that most users would be fine with having only pointers and not contents for addresses or read/write of data, as they have on some other OSes, when the process is not readable. But in my opinion when a process is executable we should be able to trace its execution (even without memory read access). Willy -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org