mirror of https://github.com/mkerrisk/man-pages
ptrace.2: Add an introductory paragraph to the "Ptrace access mode checks" section
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 1c22e40a71
commit 00172d8d96
@ -2081,9 +2081,17 @@ is highly specific to the operating system and architecture.
.SS Ptrace access mode checking
Various parts of the kernel-user-space API (not just
.BR ptrace (2)
operations), require so-called "ptrace access mode permissions" which
are gated by any enabled Linux Security Module (LSM)\(emfor example,
SELinux, Yama, or Smack\(emand by the the commoncap LSM
operations), require so-called "ptrace access mode" checks,
whose outcome determines whether an operation is permitted
(or, in a few cases, causes a "read" operation to return sanitized data).
These checks are performed in cases where one process can
inspect sensitive information about,
or in some cases modify the state of, another process.
The checks are based on factors such as the credentials and capabilities
of the two processes,
whether or not the "target" process is dumpable,
and the results of checks performed by any enabled Linux Security Module
(LSM)\(emfor example, SELinux, Yama, or Smack\(emand by the commoncap LSM
(which is always invoked).
Prior to Linux 2.6.27, all access checks were of a single type.
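Review bot: The added clause 'whether or not the "target" process is dumpable,' uses "dumpable" without saying where that attribute is defined; unless the section explains it further down, a pointer to the PR_SET_DUMPABLE discussion in prctl(2) at this spot would let readers follow the check. The parenthetical '(or, in a few cases, causes a "read" operation to return sanitized data)' would also be easier to act on if it named at least one affected interface. As a style point, the comma in 'operations), require' separates the subject from its verb and can be dropped.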