[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080324232922.GA207@tv-sign.ru>
Date: Tue, 25 Mar 2008 02:29:22 +0300
From: Oleg Nesterov <oleg@...sign.ru>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: ebiederm@...ssion.com, xemul@...nvz.org, pavel@....cz,
sds@...ho.nsa.gov, roland@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ptrace: it is fun to strace /sbin/init
On 03/24, Andrew Morton wrote:
>
> On Tue, 25 Mar 2008 01:56:11 +0300
> Oleg Nesterov <oleg@...sign.ru> wrote:
>
> > On 03/24, Andrew Morton wrote:
> > >
> > > On Sun, 23 Mar 2008 16:51:10 +0300
> > > Oleg Nesterov <oleg@...sign.ru> wrote:
> > >
> > > > Ptracing of /sbin/init is not allowed. Of course, this is dangerous, but may
> > > > be useful. Introduce the kernel boot parameter to allow this, so that we can't
> > > > surprise some special/secured systems.
> > >
> > > I dunno, is this really needed?
> >
> > Well, this is the question. I think it would be very nice to have the ability
> > to debug/strace init. Especially if you try to make your own distribution /
> > your own init.
> >
> > Sometimes I see init at the top of the top's output, with this patch I have a
> > chance to see what's going on on my system.
>
> I agree that init should be ptraceable. I'm questioning the value of a
> knob which enables that ability.
>
> Why not just unconditionally enable root's abiltiy to ptrace init?
Ah, sorry, I misunderstood.
As for me, I think it would be right to allow to ptrace init unconditionally.
But I'd like to know what security people think, I am very much afraid there
is something I don't know/understand (like it happened with "don't panic if
/sbin/init exits or killed").
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists