tech-security: Re: ptrace() vs. SIGKILL?

Subject: Re: ptrace() vs. SIGKILL?
To: Dave Sainty <dave@dtsp.co.nz>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 12/06/2002 13:06:41

[ On Saturday, December 7, 2002 at 00:17:07 (+1300), Dave Sainty wrote: ]
> Subject: Re: Fork bomb protection patch 
>
> Heh, I was pondering this the other day after the realisation that
> ptrace() could prevent SIGKILL from killing a process.
> 
> I've been thinking that a:
> 
> options NOPTRACE
> 
> ... would be a useful option for hardening boxes...

Hmmm....  If ptrace() could prevent SIGKILL from taking effect for
anyone but the superuser then that would be a very serious security bug,
not just on un-hardened boxes.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>