Date: Sat, 3 Jan 2015 18:32:49 +0200 From: Konstantin Belousov <kostikbel@gmail.com> To: Robert Watson <rwatson@FreeBSD.org> Cc: arch@freebsd.org Subject: Re: Disabling ptrace Message-ID: <20150103163249.GX42409@kib.kiev.ua> In-Reply-To: <20150103142535.GW42409@kib.kiev.ua> References: <20141230111941.GE42409@kib.kiev.ua> <alpine.BSF.2.11.1501020906300.69379@fledge.watson.org> <20150102171314.GS42409@kib.kiev.ua> <179DAA4D-3526-446C-A0A2-9F7DA137293F@FreeBSD.org> <20150103142535.GW42409@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 03, 2015 at 04:25:35PM +0200, Konstantin Belousov wrote: > On Sat, Jan 03, 2015 at 01:37:33PM +0000, Robert Watson wrote: > > I???m OK with putting the flag on the process, but frequently the > > process credential is where we stick security-related subject/object > > flags... Hm, credentials store the rights of the subject, related to the credentials (am I using the correct terminology ?). While the no-trace attribute is not rights, it is very similar to e.g. DAC or ACL on the files, which are stored in inode. No-trace is an attribute of the process, and by the DAC analogy, should be stored in the object which is protected. In other words, we do not disallow some user to do attach with ptrace, but mark some process as not attachable.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150103163249.GX42409>