From owner-freebsd-arch@FreeBSD.ORG Sat Jan 3 16:32:55 2015 Return-Path: Delivered-To: arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1B56DBCE; Sat, 3 Jan 2015 16:32:55 +0000 (UTC) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 99B721209; Sat, 3 Jan 2015 16:32:54 +0000 (UTC) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.9/8.14.9) with ESMTP id t03GWnAE047306 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 3 Jan 2015 18:32:49 +0200 (EET) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.9.2 kib.kiev.ua t03GWnAE047306 Received: (from kostik@localhost) by tom.home (8.14.9/8.14.9/Submit) id t03GWnXP047305; Sat, 3 Jan 2015 18:32:49 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Sat, 3 Jan 2015 18:32:49 +0200 From: Konstantin Belousov To: Robert Watson Subject: Re: Disabling ptrace Message-ID: <20150103163249.GX42409@kib.kiev.ua> References: <20141230111941.GE42409@kib.kiev.ua> <20150102171314.GS42409@kib.kiev.ua> <179DAA4D-3526-446C-A0A2-9F7DA137293F@FreeBSD.org> <20150103142535.GW42409@kib.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150103142535.GW42409@kib.kiev.ua> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tom.home Cc: arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Jan 2015 16:32:55 -0000 On Sat, Jan 03, 2015 at 04:25:35PM +0200, Konstantin Belousov wrote: > On Sat, Jan 03, 2015 at 01:37:33PM +0000, Robert Watson wrote: > > I???m OK with putting the flag on the process, but frequently the > > process credential is where we stick security-related subject/object > > flags... Hm, credentials store the rights of the subject, related to the credentials (am I using the correct terminology ?). While the no-trace attribute is not rights, it is very similar to e.g. DAC or ACL on the files, which are stored in inode. No-trace is an attribute of the process, and by the DAC analogy, should be stored in the object which is protected. In other words, we do not disallow some user to do attach with ptrace, but mark some process as not attachable.