Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [netbsd-8] src/sys/kern



Module Name:    src
Committed By:   martin
Date:           Sat May  5 19:13:21 UTC 2018

Modified Files:
        src/sys/kern [netbsd-8]: sys_ptrace_common.c

Log Message:
Pull up following revision(s) (requested by kamil in ticket #792):

        sys/kern/sys_ptrace_common.c: revision 1.38

Harden the NetBSD PT_TRACE_ME operation

You can't say to the parent of a process to start tracing if:
        (1) the parent is initproc,
        (2) the child is already traced.

Rationale:
 (1) - It has a side effect of being an anti-debugger functionality,
       as we cannot kill initproc (PID1) and reset the traced flag.
     - initproc is not a debugger, raising debugging events from a child
       to initproc can result in at least a stopped/hanging process
       in the system.
 (2) - It does not make sense to be simultanously traced by two debuggers
     - It does not make sense to be traced twice by the same debugger.

Permit enable tracing for a parent that has been chroot(8)ed, as this is
harmless and the parent is already monitoring for child signals.
The same semantics exist in FreeBSD.

If you are looking for an antidebugging trick for old NetBSD (pre 8.0)
or other popular kernels, here is an example:

$ cat antidebug.c
int
main(int argc, char **argv)
{
        pid_t child;
        int rv;
        int n =3D 0;
        child =3D fork();
        if (child =3D=3D 0) {
                while (getppid() !=3D 1)
                        continue;
                rv =3D ptrace(PT_TRACE_ME, 0, 0, 0);
                if (rv !=3D 0)
                        abort();
                printf("Try to detach to me with a debugger!! ");
                printf("haha My PID is %d\n", getpid());
                while (1) {
                        printf("%d\n", n++);
                        sleep(1);
                }
        }
        exit(0);
}

A developer is no longer able to attach GDB, strace or LLDB to this program
without killing the initproc (your favourite system daemon).. this action
would be fatal for the operation of the whole Operating System stability.

Examples from a current non-NetBSD popular kernel:
$ ps -o ppid=3D -p 17904
    1
$ strace -p 17904
strace: attach: ptrace(PTRACE_SEIZE, 17904): Operation not permitted
$ gdb -p 17904
[...]
Attaching to process 17904
warning: process 17904 is already traced by process 1
ptrace: Operation not permitted.
(gdb)
$ lldb-3.9 -p 17904
(lldb) process attach --pid 17904
error: attach failed: unable to attach

On NetBSD 8.0 and newer it is now guaranteed to have an option to kill
a malevolent (fake?) debugger and attach with a new tracer to the process

Sponsored by <The NetBSD Foundation>


To generate a diff of this commit:
cvs rdiff -u -r1.22.2.2 -r1.22.2.3 src/sys/kern/sys_ptrace_common.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index