From owner-freebsd-arch@FreeBSD.ORG Tue Dec 30 20:44:51 2014 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CC26CAA0 for ; Tue, 30 Dec 2014 20:44:51 +0000 (UTC) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3E4F22242 for ; Tue, 30 Dec 2014 20:44:51 +0000 (UTC) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.9/8.14.9) with ESMTP id sBUKijoC078529 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 30 Dec 2014 22:44:45 +0200 (EET) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.9.2 kib.kiev.ua sBUKijoC078529 Received: (from kostik@localhost) by tom.home (8.14.9/8.14.9/Submit) id sBUKij3s078528; Tue, 30 Dec 2014 22:44:45 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Tue, 30 Dec 2014 22:44:45 +0200 From: Konstantin Belousov To: "Simon J. Gerraty" Subject: Re: Disabling ptrace Message-ID: <20141230204445.GM42409@kib.kiev.ua> References: <20141230111941.GE42409@kib.kiev.ua> <20141230140709.GA96469@stack.nl> <3368390.qHnOScdmzK@shawnwebb-laptop> <29058.1419970932@chaos> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <29058.1419970932@chaos> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tom.home Cc: freebsd-arch@freebsd.org, Jilles Tjoelker , Shawn Webb X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Dec 2014 20:44:51 -0000 On Tue, Dec 30, 2014 at 12:22:12PM -0800, Simon J. Gerraty wrote: > Shawn Webb wrote: > > I'm curious what the use case was that brought this up. And why the requester > > thinks it's actually useful. > > Being able to disable ptrace is useful - provided it cannot be bypassed. > In Junos we leveraged the signed binary implementation (based on NetBSD's > verified exec) to tag processes for which ptrace should fail. The > signed binary stuff also supposed to prevent games with LD_PRELOAD - > assuming we didn't provide and sign the lib in question. Look. If somebody can preload a library into the process, or arbitrary modify the text segment, circumventing ptrace(2) ban is a least worry. The reference to the "Old New Thing" blog I posted before explains that with with fireworks, based on real 'security reports' sent to the security team at MS. > > When we re-implemented veriexec as a MAC module, the above was left out, > in anticipation of using a separate module (though perhaps still > leveraging veriexec to set the labels).