Subject: Re: ktrace and P_SUGID
To: None <>
From: Simon J. Gerraty <>
List: tech-security
Date: 06/28/2002 23:19:22
>> > Log Message:
>> > disallow ktrace on P_SUGID.  from openbsd
>>What does this actually fix?  As it is, ktrace will stop tracing when
>>you exec a sugid executable, and ktrace -p to attach to an existing
>>sugid process already returns "operation not permitted".

>	forbids ktrace on binaries that have changed pid from root to your
>	own uid, for instance, sshd in privsep jail.

I trust that this restriction does not apply if the ktrace was initiated
by root?  I've not looked at the netbsd ktrace paths, but I had to
fix the freebsd kernel to allow ktrace across exec of a setuid binary
when the trace was initiated by root - otherwise its nearly impossible
to debug certain classes of bug.