Closed dehorsley closed 9 years ago
Doesn't CAP_SYS_PTRACE grant the process the ability to ptrace any process on the system? You could e.g. steal a shell from root.
In order to make this safe, I think we'd have to make reptyr aware of when it was launched with elevated capabilities, and implement its own permission model for which processes it will allow itself to attach.
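One shape the permission model suggested above could take, as an added example that is not reptyr's code or part of this thread: when the binary finds CAP_SYS_PTRACE in its own effective set, it only attaches to targets whose four UIDs all equal the caller's real UID and whose permitted capability set is empty. The policy, the function names and the sample /proc/<pid>/status text are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CAP_SYS_PTRACE_BIT 19 /* value of CAP_SYS_PTRACE in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts (sample data, not captured output). */
static const char SELF_ELEVATED[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000080000\n";
static const char SELF_PLAIN[]    = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";
static const char USER_SHELL[]    = "Uid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000000000\n";
static const char ROOT_SHELL[]    = "Uid:\t0\t0\t0\t0\nCapPrm:\t000001ffffffffff\n";
static const char CAPPED_PROC[]   = "Uid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000003000\n";

/* Return the text following `key` on the status line that starts with it. */
static const char *field(const char *status, const char *key) {
    size_t n = strlen(key);
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, n) == 0) return p + n;
    return NULL;
}

/* Parse a hex capability mask such as "CapEff:\t0000000000080000". */
static int cap_mask(const char *status, const char *key, unsigned long long *out) {
    const char *v = field(status, key);
    if (!v) return -1;
    *out = strtoull(v, NULL, 16);
    return 0;
}

/* 1 if the real, effective, saved and filesystem UIDs all equal `uid`. */
static int uids_all_equal(const char *status, unsigned long uid) {
    const char *v = field(status, "Uid:");
    unsigned long id[4];
    if (!v || sscanf(v, "%lu %lu %lu %lu", &id[0], &id[1], &id[2], &id[3]) != 4) return 0;
    return id[0] == uid && id[1] == uid && id[2] == uid && id[3] == uid;
}

/* Hypothetical policy: 1 = go on to ptrace, 0 = refuse. Fails closed on parse errors. */
int may_attach(const char *self_status, const char *target_status, unsigned long caller_ruid) {
    unsigned long long self_eff, target_prm;
    if (cap_mask(self_status, "CapEff:", &self_eff) != 0) return 0;
    if (!(self_eff & (1ULL << CAP_SYS_PTRACE_BIT))) return 1; /* not elevated: kernel and Yama decide */
    if (!uids_all_equal(target_status, caller_ruid)) return 0; /* e.g. a root shell */
    if (cap_mask(target_status, "CapPrm:", &target_prm) != 0) return 0;
    return target_prm == 0; /* refuse same-UID targets that hold capabilities */
}

int main(void) {
    printf("user shell: %d, root shell: %d\n", may_attach(SELF_ELEVATED, USER_SHELL, 1000),
           may_attach(SELF_ELEVATED, ROOT_SHELL, 1000));
    return 0;
}
```

In a real tool the two status arguments would be read from /proc/self/status and /proc/<pid>/status immediately before the attach, and a return of 1 in the non-elevated case only means the usual kernel checks are left to make the decision.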
Ah so it does, my mistake. There seems to be a bit of conflicting information out there but the YAMA source cleared it up.
This adds ptrace file capability to the reptyr binary on install. This means users with ptrace_scope = 1 do not have to temporarily disable that setting to use reptyr.

Note this does introduce some security concerns: it is possible to escalate privileges by using an exploit on reptyr and ptracing a process with the same UID and the capability required. However, this is still more secure than having ptrace_scope = 0.