Michael Kerrisk
ff20e9ca6b
ptrace.2: Tweaks to Keno Fischer's patches
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-17 08:21:01 +01:00
Keno Fischer
5419141e28
ptrace.2: Expand documentation PTRACE_EVENT_SECCOMP traps
...
In Linux 4.8 (through a series of commits, 93e35efb8de45393c
being the actual reordering on x86), the order of
PTRACE_EVENT_SECCOMP and syscall-entry-stops was reversed.
Document both behaviors and their interaction with the
various forms of restart.
Signed-off-by: Keno Fischer <keno@juliacomputing.com>
2016-11-17 08:07:37 +01:00
Keno Fischer
131bcd7aaa
ptrace.2: Document the behavior of PTRACE_SYSEMU stops
...
Signed-off-by: Keno Fischer <keno@juliacomputing.com>
2016-11-17 08:02:48 +01:00
Michael Kerrisk
c73916154d
ptrace.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-09 01:49:25 +01:00
Michael Kerrisk
baf11d5c1d
ptrace.2: Document PTRACE_SECCOMP_GET_FILTER
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-08 14:07:56 +01:00
Michael Kerrisk
b8854baedb
ptrace.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-08 14:07:56 +01:00
Michael Kerrisk
bc8bfd8ac8
ptrace.2: Document PTRACE_GET_THREAD_AREA and PTRACE_SET_THREAD_AREA
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-01 14:25:06 +01:00
Michael Kerrisk
02418dd0c7
ptrace.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-01 14:06:28 +01:00
Michael Kerrisk
65ba6523ea
ptrace.2: srcfix: update FIXME details
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-01 14:02:13 +01:00
Michael Kerrisk
3b1fdaf38f
ptrace.2: srcfix: FIXME tidy-up
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-10-29 13:34:57 +02:00
Michael Kerrisk
a686506533
ptrace.2: ffix
...
Reported-by: Sam Varshavchik <mrsam@courier-mta.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-12 07:14:42 +12:00
Michael Kerrisk
bf7bc8b898
arch_prctl.2, execveat.2, fanotify_mark.2, fcntl.2, fork.2, madvise.2, mknod.2, mmap.2, modify_ldt.2, mount.2, open.2, prctl.2, ptrace.2, restart_syscall.2, seccomp.2, semop.2, set_thread_area.2, symlink.2, umount.2, unlink.2, error.3, getnetent.3, getprotoent.3, getservent.3, getutent.3, glob.3, login.3, setjmp.3, setnetgrent.3, wordexp.3, epoll.7: Remove section number from page self reference
...
Fix places where pages refer to the function that they describe
and include a section number in that reference. Such references
cause some HTML-rendering tools to create self-references in the
page.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:12 +10:00
Michael Kerrisk
3df541c0e6
ldd.1, localedef.1, add_key.2, chroot.2, clone.2, fork.2, futex.2, get_mempolicy.2, get_robust_list.2, getitimer.2, getpriority.2, ioctl.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, kcmp.2, kill.2, lookup_dcookie.2, mmap.2, mount.2, open.2, pciconfig_read.2, perf_event_open.2, prctl.2, process_vm_readv.2, ptrace.2, quotactl.2, recv.2, setfsgid.2, setfsuid.2, sysinfo.2, umask.2, umount.2, unshare.2, utimensat.2, wait.2, assert.3, fmax.3, fmin.3, getauxval.3, inet_pton.3, malloc_hook.3, memmem.3, mkdtemp.3, mktemp.3, printf.3, strcasecmp.3, strcat.3, strtoul.3, strxfrm.3, console_codes.4, console_ioctl.4, lirc.4, tty.4, vcs.4, charmap.5, elf.5, locale.5, proc.5, repertoiremap.5, utmp.5, capabilities.7, cgroup_namespaces.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, credentials.7, feature_test_macros.7, iso_8859-1.7, iso_8859-15.7, iso_8859-5.7, koi8-r.7, koi8-u.7, man-pages.7, mount_namespaces.7, namespaces.7, netlink.7, pid_namespaces.7, unix.7, user_namespaces.7, utf-8.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-17 18:10:19 +02:00
Michael Kerrisk
028b5760e8
ptrace.2: Minor fixes after review by Kees Cook
...
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
e48ed83a6a
ptrace.2: tfix
...
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
d5765e275d
ptrace.2: Note that user namespaces can be used to bypass Yama protections
...
Cowritten-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
e532361686
ptrace.2: Update Yama ptrace_scope documentation
...
Reframe the discussion in terms of PTRACE_MODE_ATTACH checks,
and make a few other minor tweaks and additions.
Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
94b0464cc2
ptrace.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
b0459842ff
ptrace.2: srcfix: add 2015 copyright notice for mtk
...
(Yama ptrace_scope text added in 2015.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
00172d8d96
ptrace.2: Add an introductory paragraph to the "Ptrace access mode checks" section
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
1c22e40a71
ptrace.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
3224581342
ptrace.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
edb7368474
ptrace.2: Relocate text noting that PTRACE_MODE_* constants are kernel-internal
...
(No content changes.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
be26fa864f
ptrace.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
bcd0d82dac
ptrace.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Stephen Smalley
3cd161fe57
ptrace.2: Describe PTRACE_MODE_NOAUDIT in more detail
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
78f0786577
ptrace.2: Further fixes after review from Jann Horn
...
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
a330bffa78
ptrace.2: Minor improvements to ptrace access mode text
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
611d3ac40a
ptrace.2: Various fixes after review by Jann Horn
...
Among other things, Jann pointed out that the commoncap LSM
is always invoked, and Kees Cook pointed out the relevant
kernel code:
===
> BTW, can you point me at the piece(s) of kernel code that show that
> "commoncap" is always invoked in addition to any other LSM that has
> been installed?

It's not entirely obvious, but the bottom of security/commoncap.c shows:

    struct security_hook_list capability_hooks[] = {
        LSM_HOOK_INIT(capable, cap_capable),
        ...
    };

    void __init capability_add_hooks(void)
    {
        security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
    }

And security/security.c shows the initialization order of the LSMs:

    int __init security_init(void)
    {
        pr_info("Security Framework initialized\n");

        /*
         * Load minor LSMs, with the capability module always first.
         */
        capability_add_hooks();
        yama_add_hooks();
        loadpin_add_hooks();

        /*
         * Load all the remaining security modules.
         */
        do_security_initcalls();

        return 0;
    }
===
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
0647331a06
kcmp.2, ptrace.2: tfix
...
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
e4e2367fe6
ptrace.2: Clarify the purpose of mentioning the kernel PTRACE_MODE_* constants
...
The "ptrace access mode" text is about user-space-visible
behavior, but in order to explain that behavior at what I
believe is a sufficient level of detail (e.g., to differentiate
the various types of checks that are performed for various
system calls and pseudofile accesses), one needs (1) to discuss
the MODE flag details as implemented in the kernel, and (2) to
have a shorthand way to refer to the various cases from other
pages. It's not absolutely necessary to name the flags for (1),
but using the flag names is certainly a handy shorthand for (2).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
c33e8aff8c
ptrace.2: Note that PTRACE_SEIZE is subject to a ptrace access mode check
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
d4c976d820
ptrace.2: Rephrase PTRACE_ATTACH permissions in terms of ptrace access mode check
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
ace93363fb
ptrace.2: Document ptrace access modes
...
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:28 +02:00
Michael Kerrisk
fec74bb1aa
ptrace.2: srcfix: add info about PTRACE_SEIZE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-03-28 17:38:04 +13:00
Michael Kerrisk
1a3c3468bd
ptrace.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-01-08 17:24:58 +01:00
Jakub Wilk
851eae74ca
ptrace.2: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-01-08 17:24:20 +01:00
Michael Kerrisk
6f3c74a8b9
mremap.2, open.2, perf_event_open.2, prctl.2, ptrace.2, reboot.2, seccomp.2, signalfd.2, syscalls.2, __ppc_set_ppr_med.3, daemon.3, dirfd.3, fgetgrent.3, fgetpwent.3, getauxval.3, getspnam.3, mallinfo.3, mallopt.3, posix_fallocate.3, termios.3, tty_ioctl.4, core.5, nsswitch.conf.5, proc.5, aio.7, capabilities.7, path_resolution.7, pipe.7, rtld-audit.7, signal.7, tcp.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-05 10:46:28 +01:00
Namhyung Kim
cc3407d12d
ptrace.2: tfix
...
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-02 17:13:38 +01:00
Michael Kerrisk
a47c1f4449
ptrace.2: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-10-09 15:09:22 +02:00
Michael Kerrisk
d901e32568
ptrace.2: SEE ALSO: add prctl(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-10-08 13:01:33 +01:00
Michael Kerrisk
4978c60601
ptrace.2: Document /proc/sys/kernel/yama/ptrace_scope
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-10-08 13:01:33 +01:00
Michael Kerrisk
b405de5281
ptrace.2: Note that PTRACE_ATTACH cannot be applied to nondumpable processes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-10-08 13:01:33 +01:00
Michael Kerrisk
b4b436adfb
ptrace.2: Minor tweaks to Tycho's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-09-11 14:00:59 +02:00
Tycho Andersen
e3cfeba2ff
ptrace.2: Document PTRACE_O_SUSPEND_SECCOMP flag
...
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-09-11 14:00:31 +02:00
Michael Kerrisk
5722c835ab
intro.1, locale.1, _exit.2, access.2, bpf.2, brk.2, capget.2, chmod.2, chroot.2, clock_getres.2, clone.2, eventfd.2, fallocate.2, fork.2, getgroups.2, gethostname.2, getpid.2, getpriority.2, getrlimit.2, getrusage.2, gettid.2, iopl.2, ioprio_set.2, killpg.2, mlock.2, mprotect.2, perf_event_open.2, poll.2, posix_fadvise.2, pread.2, ptrace.2, read.2, readv.2, recv.2, rename.2, sched_setaffinity.2, sched_setattr.2, seccomp.2, select.2, send.2, seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2, sigaltstack.2, signalfd.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, stat.2, timer_create.2, uname.2, utimensat.2, wait.2, wait4.2, write.2, MB_LEN_MAX.3, __ppc_get_timebase.3, clearenv.3, dl_iterate_phdr.3, error.3, fexecve.3, fpurge.3, fread.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getgrent_r.3, gethostbyname.3, getifaddrs.3, getnameinfo.3, getnetent_r.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent_r.3, getrpcent.3, getrpcent_r.3, getrpcport.3, getservent.3, getservent_r.3, gsignal.3, key_setsecret.3, malloc_get_state.3, malloc_info.3, malloc_stats.3, malloc_trim.3, memcpy.3, mq_notify.3, mq_open.3, perror.3, profil.3, psignal.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_detach.3, pthread_getattr_np.3, pthread_join.3, pthread_setname_np.3, pthread_tryjoin_np.3, putgrent.3, rcmd.3, rpc.3, rpmatch.3, sem_close.3, sem_open.3, setaliasent.3, shm_open.3, sigqueue.3, strfmon.3, xcrypt.3, xdr.3, console_codes.4, null.4, core.5, host.conf.5, hosts.equiv.5, locale.5, repertoiremap.5, locale.7, man-pages.7, pty.7, rtld-audit.7, sched.7, vdso.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-07-23 16:12:28 +02:00
Michael Kerrisk
55bd9495b2
ptrace.2: PTRACE_O_TRACEEXIT clarification
...
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-05-12 12:43:48 +02:00
Michael Kerrisk
0722a578ed
_exit.2, access.2, brk.2, chmod.2, clone.2, epoll_wait.2, eventfd.2, fork.2, getgroups.2, gethostname.2, getpid.2, getpriority.2, killpg.2, mmap.2, poll.2, posix_fadvise.2, pread.2, ptrace.2, readv.2, sched_setaffinity.2, select.2, seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2, sigaction.2, signalfd.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, stat.2, timer_create.2, uname.2, wait.2, wait4.2, mq_notify.3, mq_open.3, sigqueue.3, man-pages.7: Remove "ABI" from "C library/kernel ABI differences" subheadings
...
The "ABI" doesn't really convey anything significant in
the title. These subsections are about describing differences
between the kernel and (g)libc interfaces.
Reported-by: Andries E. Brouwer <Andries.Brouwer@cwi.nl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-05-08 13:10:04 +02:00
Michael Kerrisk
94e66ffdb0
ptrace.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-05-04 13:08:24 +02:00
Michael Kerrisk
6d322d5fc7
time.1, access.2, arch_prctl.2, cacheflush.2, capget.2, clone.2, execve.2, fcntl.2, fork.2, getpid.2, getxattr.2, ioctl.2, ioctl_fat.2, killpg.2, listxattr.2, madvise.2, migrate_pages.2, modify_ldt.2, mprotect.2, msgget.2, msgop.2, perf_event_open.2, ptrace.2, sched_setattr.2, semget.2, semop.2, sendfile.2, set_thread_area.2, setxattr.2, stat.2, statfs.2, wait.2, wait4.2, encrypt.3, mktemp.3, pthread_attr_setschedparam.3, resolver.3, statvfs.3, syslog.3, tzset.3, core.5, host.conf.5, intro.5, proc.5, resolv.conf.5, pthreads.7, socket.7, unix.7, ld.so.8, ldconfig.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-02-21 09:26:52 +01:00