Re: Why can't I ptrace init (pid == 1) ?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Helge Hafting <helgehaf@idb.hist.no>
To: richard offer <offer@sgi.com>, linux-kernel@vger.kernel.org
Subject: Re: Why can't I ptrace init (pid == 1) ?
Date: Wed, 20 Jun 2001 10:37:20 +0200	[thread overview]
Message-ID: <3B3060C0.B2D368C@idb.hist.no> (raw)
In-Reply-To: <102490000.992966603@changeling.engr.sgi.com>

richard offer wrote:
> 
> In arch/i386/kernel/ptrace.c there is the following code ...
> 
>         ret = -EPERM;
>         if (pid == 1)           /* you may not mess with init */
>                 goto out_tsk;
> 
> What is the rationale for this ? Is this a real security decision or
> an implementation detail (bad things will happen).

I don't know why they did it, but ptracing init is definitely a added
security risk.  If an intruder can't take over init, then a smart
init can fight back.  Of course most inits aren't that smart, but
at least they can log problems and such.  The intruder can't prevent
that because init cannot be killed except by booting (which is
noticeable),
and it cannot be taken over with ptrace.  ptrace could otherwise
be used to make init exec some other init that doesn't do the
logging.  

If you want to debug the init software, consider running it
as a normal processs (not PID 1).  If that is impossible , e.g.
you need a real-life setup, do remove the above test temporarily 
and make an init-debug kernel for this purpose.

Helge Hafting

next prev parent reply	other threads:[~2001-06-20  8:39 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-06-19 16:03 Why can't I ptrace init (pid == 1) ? richard offer
2001-06-20  8:37 ` Helge Hafting [this message]
2001-06-20  8:45   ` Miquel van Smoorenburg
2001-08-06 22:05     ` Mike Coleman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3B3060C0.B2D368C@idb.hist.no \
    --to=helgehaf@idb.hist.no \
    --cc=linux-kernel@vger.kernel.org \
    --cc=offer@sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox