nelhage / reptyr

Reparent a running program to a new terminal
MIT License

Add ptrace file cap on install #56

Closed dehorsley closed 9 years ago

dehorsley commented 9 years ago

This adds ptrace file capability to the reptyr binary on install. This means users with ptrace_scope = 1 do not have to temporarily disable that setting to use reptyr.

Note this does introduce some security concerns: it is possible to escalate privileges by using an exploit on reptyr and ptracing a process with the same UID and the capability required. However, this is still more secure than having ptrace_scope = 0.

nelhage commented 9 years ago

Doesn't CAP_SYS_PTRACE grant the process the ability to ptrace any process on the system? You could e.g. steal a shell from root.

In order to make this safe, I think we'd have to make reptyr aware of when it was launched with elevated capabilities, and implement its own permission model for which processes it will allow itself to attach.

dehorsley commented 9 years ago

Ah so it does, my mistake. There seems to be a bit of conflicting information out there but the YAMA source cleared it up.
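
One way to implement the check nelhage describes above, as an added example that is not part of this thread or of reptyr's code: when the binary holds CAP_SYS_PTRACE, attach only to targets whose real, effective and saved UIDs all match the caller. The function names, the same-UID policy and the sample `/proc/<pid>/status` text are assumptions.

```c
/* Added example, not reptyr code. Names and policy are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define CAP_SYS_PTRACE_BIT 19 /* CAP_SYS_PTRACE in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts (sample data). */
static const char ELEVATED[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000080000\n";
static const char ROOT_SHELL[] = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char USER_SHELL[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";

/* Return the text after "key:" when key starts a line, else NULL. */
static const char *status_field(const char *text, const char *key) {
    size_t n = strlen(key);
    for (const char *p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, n) == 0 && p[n] == ':') return p + n + 1;
    return NULL;
}

/* 1 if the CapEff mask in the status text includes CAP_SYS_PTRACE. */
int has_sys_ptrace(const char *status) {
    const char *v = status_field(status, "CapEff");
    return v ? (int)((strtoull(v, NULL, 16) >> CAP_SYS_PTRACE_BIT) & 1) : 0;
}

/* Parse real, effective, saved and filesystem UIDs from the "Uid:" line. */
int target_uids(const char *status, uid_t out[4]) {
    const char *v = status_field(status, "Uid");
    unsigned int u[4];
    if (!v || sscanf(v, "%u %u %u %u", &u[0], &u[1], &u[2], &u[3]) != 4) return -1;
    for (int i = 0; i < 4; i++) out[i] = (uid_t)u[i];
    return 0;
}

/* Without the capability the kernel's own checks apply, so allow the attempt.
 * With it, require the target's real, effective and saved UIDs to equal the
 * caller's real UID, and fail closed if the target cannot be parsed. */
int may_attach(const char *self_status, const char *target_status, uid_t caller) {
    uid_t t[4];
    if (!has_sys_ptrace(self_status)) return 1;
    if (target_uids(target_status, t) != 0) return 0;
    return t[0] == caller && t[1] == caller && t[2] == caller;
}

int main(void) {
    printf("root shell: %d\n", may_attach(ELEVATED, ROOT_SHELL, 1000));
    printf("own shell:  %d\n", may_attach(ELEVATED, USER_SHELL, 1000));
    return 0;
}
```

In real use the two status strings would be read from `/proc/self/status` and `/proc/<pid>/status`, and the check repeated after the attach succeeds, since a target's credentials can change between the read and the attach.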