Date: Tue, 25 Feb 2025 03:22:40 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 285021] the procctl PROC_TRACE_CTL doesn't work as expected
Message-ID: <bug-285021-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285021

Bug ID: 285021
Summary: the procctl PROC_TRACE_CTL doesn't work as expected
Product: Base System
Version: 13.4-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: wzis@hotmail.com

I'm a security software developer and found that the procctl PROC_TRACE_CTL is a very good way to protect a process, so I want to use it in our program for protecting important processes. However, what I found is that more often than not, even when the procctl call seems to work, the desired effects are not there: after disabling TRACE and checking the STATUS, TRACE is disabled, but the process is still traceable; ptrace can still attach to it.

The following is a sample program we use to test it:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/procctl.h>

int main(int argc, char *argv[])
{
    pid_t target_pid;
    int disable = PROC_TRACE_CTL_DISABLE;
    int status;        /* waitpid(2) status of the stopped target */
    int trace_status;  /* PROC_TRACE_STATUS result: -1 disabled, 0 enabled, >0 pid of debugger */

    if (argc != 2) {
        fprintf(stderr, "Usage: %s <pid>\n", argv[0]);
        exit(EXIT_FAILURE);
    }
    target_pid = (pid_t)atoi(argv[1]);
    if (target_pid <= 0) {
        fprintf(stderr, "Invalid PID: %s\n", argv[1]);
        exit(EXIT_FAILURE);
    }

    /* Attempt to disable tracing on the target process.
     * Only the process itself or a superuser can perform this operation. */
    if (procctl(P_PID, target_pid, PROC_TRACE_CTL, &disable) == -1) {
        perror("procctl(PROC_TRACE_CTL)");
        if (procctl(P_PID, target_pid, PROC_TRACE_STATUS, &trace_status) == 0)
            fprintf(stderr, "the process has TRACE_CTL status=%d\n", trace_status);
        else
            exit(EXIT_FAILURE);
    } else if (procctl(P_PID, target_pid, PROC_TRACE_STATUS, &trace_status) == 0) {
        fprintf(stderr, "the process has TRACE_CTL status=%d\n", trace_status);
    }

    /* Now attempt to attach to the target process using ptrace.
     * If tracing is disabled, this should fail with EPERM. */
    if (ptrace(PT_ATTACH, target_pid, NULL, 0) == 0) {
        /* If attach succeeds, wait for the process to stop */
        waitpid(target_pid, &status, 0);
        /* Detach so as not to leave the process in a stopped state;
         * address 1 tells the kernel to resume where the process stopped. */
        if (ptrace(PT_DETACH, target_pid, (void *)1, 0) == -1) {
            perror("ptrace(PT_DETACH)");
        }
        printf("procctl tracing disable is NOT working: ptrace attach succeeded\n");
    } else {
        if (errno == EPERM) {
            printf("procctl tracing disable is working: ptrace attach failed with EPERM\n");
        } else {
            perror("ptrace(PT_ATTACH)");
        }
    }
    return 0;
}

After compiling the program, we ran it against one of the processes that was running:

[root@bsd123 ~]# ./procc 868
the process has TRACE_CTL status=-1
procctl tracing disable is NOT working: ptrace attach succeeded
[root@bsd123 ~]#

--
You are receiving this mail because:
You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-285021-227>
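The program in the report runs as root, and that matters for its result: in FreeBSD's p_candebug() the P2_NOTRACE flag set by PROC_TRACE_CTL_DISABLE denies the attach only for callers that lack the PRIV_DEBUG_DENIED privilege, which the superuser holds, so a status of -1 (tracing disabled) together with a successful PT_ATTACH is the expected outcome for root. The following C program is an added example, not code from the bug report or from FreeBSD, that turns the same check into a fork-based self-test: the child disables tracing on itself with PROC_TRACE_CTL_DISABLE and signals readiness over a pipe, and the parent then tries PT_ATTACH and reports EPERM separately from an attach that succeeded only because the parent is root. The enum, the helper names and the pipe handshake are this example's own; procctl(2) and ptrace(2) are FreeBSD interfaces, so on any other host the functions compile to a stub that reports TRACE_TEST_UNSUPPORTED.

```c
/* Added example (not from the bug report): self-test for PROC_TRACE_CTL.
 * FreeBSD-only; compiles to a stub reporting TRACE_TEST_UNSUPPORTED elsewhere. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#ifdef __FreeBSD__
#include <sys/procctl.h>
#include <sys/ptrace.h>
#endif

enum trace_test_result {
    TRACE_TEST_ERROR = -1,         /* fork/pipe/procctl failure, nothing proven */
    TRACE_TEST_UNSUPPORTED = 0,    /* not FreeBSD: no procctl(2) to exercise */
    TRACE_TEST_DENIED = 1,         /* PT_ATTACH failed with EPERM: protection holds */
    TRACE_TEST_ALLOWED_PRIV = 2,   /* attach succeeded, but the parent is root */
    TRACE_TEST_ALLOWED_UNPRIV = 3  /* attach succeeded unprivileged: a real defect */
};

/* Meaning of a PROC_TRACE_STATUS value as documented in procctl(2). */
const char *trace_status_desc(int st)
{
    if (st == -1) return "tracing disabled";
    if (st == 0)  return "tracing enabled, no debugger attached";
    return "tracing enabled, debugger attached";
}

/* Outcomes that indicate either a broken test or a broken protection. */
int trace_result_is_failure(enum trace_test_result r)
{
    return r == TRACE_TEST_ERROR || r == TRACE_TEST_ALLOWED_UNPRIV;
}

#ifdef __FreeBSD__
/* Child: disable tracing on ourselves, report to the parent, then idle. */
static void protected_child(int ready_fd)
{
    int disable = PROC_TRACE_CTL_DISABLE;
    char ok = (procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable) == 0) ? 'Y' : 'N';
    (void)write(ready_fd, &ok, 1);
    close(ready_fd);
    for (;;)
        pause();   /* wait until the parent kills us */
}

enum trace_test_result run_trace_self_test(void)
{
    int fds[2], status = 0, st = 0;
    pid_t child;
    char ok = 'N';
    enum trace_test_result r;

    if (pipe(fds) == -1) return TRACE_TEST_ERROR;
    child = fork();
    if (child == -1) return TRACE_TEST_ERROR;
    if (child == 0) { close(fds[0]); protected_child(fds[1]); _exit(0); }
    close(fds[1]);

    if (read(fds[0], &ok, 1) != 1 || ok != 'Y') {
        r = TRACE_TEST_ERROR;                     /* child could not set the flag */
    } else {
        if (procctl(P_PID, child, PROC_TRACE_STATUS, &st) == 0)
            printf("child %d: %s\n", (int)child, trace_status_desc(st));
        if (ptrace(PT_ATTACH, child, NULL, 0) == 0) {
            waitpid(child, &status, 0);          /* collect the SIGSTOP from attach */
            ptrace(PT_DETACH, child, (caddr_t)1, 0);
            r = (geteuid() == 0) ? TRACE_TEST_ALLOWED_PRIV : TRACE_TEST_ALLOWED_UNPRIV;
        } else {
            r = (errno == EPERM) ? TRACE_TEST_DENIED : TRACE_TEST_ERROR;
        }
    }
    close(fds[0]);
    kill(child, SIGKILL);
    waitpid(child, &status, 0);
    return r;
}
#else
enum trace_test_result run_trace_self_test(void) { return TRACE_TEST_UNSUPPORTED; }
#endif

int main(void)
{
    static const char *const names[] = {
        "unsupported on this OS", "denied with EPERM",
        "allowed because we run as root", "allowed while unprivileged"
    };
    enum trace_test_result r = run_trace_self_test();
    if (r == TRACE_TEST_ERROR) { perror("self-test"); return 2; }
    printf("PROC_TRACE_CTL self-test: attach %s\n", names[r]);
    return trace_result_is_failure(r) ? 1 : 0;
}
```

Run it once as an unprivileged user and once as root: the first run should print "denied with EPERM", the second "allowed because we run as root", reproducing the report's observation without a bug. The child sets the flag on itself because that is the case the protection is designed for; a process that wants to protect a program it launches can instead set PROC_TRACE_CTL_DISABLE_EXEC before execve(2), or use proccontrol(1) with -m trace -s disable from the shell.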