On Tue, Mar 16, 2021 at 09:42:44PM +0100, Mickaël Salaün wrote:
From: Mickaël Salaün <redacted>
Using ptrace(2) and related debug features on a target process can lead
to a privilege escalation. Indeed, ptrace(2) can be used by an attacker
to impersonate another task and to remain undetected while performing
malicious activities. Thanks to ptrace_may_access(), various part of
the kernel can check if a tracer is more privileged than a tracee.
A landlocked process has fewer privileges than a non-landlocked process
and must then be subject to additional restrictions when manipulating
processes. To be allowed to use ptrace(2) and related syscalls on a
target process, a landlocked process must have a subset of the target
process's rules (i.e. the tracee must be in a sub-domain of the tracer).
Cc: James Morris <jmorris@namei.org>
Cc: Kees Cook <redacted>
Signed-off-by: Mickaël Salaün <redacted>
Reviewed-by: Kees Cook <redacted>
--
Kees Cook