From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752216AbcF2EuJ (ORCPT <rfc822;w@1wt.eu>);
	Wed, 29 Jun 2016 00:50:09 -0400
Received: from mail-wm0-f68.google.com ([74.125.82.68]:33008 "EHLO
	mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750892AbcF2EuG (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 29 Jun 2016 00:50:06 -0400
Subject: Re: Review of ptrace Yama ptrace_scope description
To: Jann Horn <jann@thejh.net>, Kees Cook <keescook@chromium.org>
References: <a80772d7-f52a-0943-de24-a0cf8d6b2f7c@gmail.com>
 <20160625143006.GA24730@pc.thejh.net>
 <0017835d-c672-02fe-dab8-d1b11c100c24@gmail.com>
 <20160628205007.GA1419@pc.thejh.net>
Cc: mtk.manpages@gmail.com, Linux API <linux-api@vger.kernel.org>,
        linux-man <linux-man@vger.kernel.org>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        lkml <linux-kernel@vger.kernel.org>,
        Casey Schaufler <casey@schaufler-ca.com>,
        James Morris <jmorris@namei.org>
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Message-ID: <0a832f69-71fc-0b3e-bdc6-4c17f5ceadf6@gmail.com>
Date: Wed, 29 Jun 2016 06:49:47 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <20160628205007.GA1419@pc.thejh.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Jann,
...

>> So I've made that section of text:
>>
>>        A  process  that  has the CAP_SYS_PTRACE capability can update the
>>        /proc/sys/kernel/yama/ptrace_scope file with one of the  following
>>        values:
>>
>>        0 ("classic ptrace permissions")
>>               No  additional  restrictions  on  operations  that  perform
>>               PTRACE_MODE_ATTACH checks (beyond those imposed by the com‐
>>               moncap and other LSMs).
>>
>>               The use of PTRACE_TRACEME is unchanged.
>>
>>        1 ("restricted ptrace") [default value]
>>               When    performing    an    operation   that   requires   a
>>               PTRACE_MODE_ATTACH check, the calling process  must  either
>>               have the CAP_SYS_PTRACE capability in the user namespace of
>>               the target process or it  have  a  predefined  relationship
>>               with  the target process.
>
> Nit: The grammar in this sentence seems wrong to me.
> s/or it have/or it must have/?

Yep, thanks for catching that. Fixed now.

Cheers,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/