| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0a832f69-71fc-0b3e-bdc6-4c17f5ceadf6@gmail.com>
Date: Wed, 29 Jun 2016 06:49:47 +0200
From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To: Jann Horn <jann@...jh.net>, Kees Cook <keescook@...omium.org>
Cc: mtk.manpages@...il.com, Linux API <linux-api@...r.kernel.org>,
linux-man <linux-man@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
lkml <linux-kernel@...r.kernel.org>,
Casey Schaufler <casey@...aufler-ca.com>,
James Morris <jmorris@...ei.org>
Subject: Re: Review of ptrace Yama ptrace_scope description
Hi Jann,
...
>> So I've made that section of text:
>>
>> A process that has the CAP_SYS_PTRACE capability can update the
>> /proc/sys/kernel/yama/ptrace_scope file with one of the following
>> values:
>>
>> 0 ("classic ptrace permissions")
>> No additional restrictions on operations that perform
>> PTRACE_MODE_ATTACH checks (beyond those imposed by the com‐
>> moncap and other LSMs).
>>
>> The use of PTRACE_TRACEME is unchanged.
>>
>> 1 ("restricted ptrace") [default value]
>> When performing an operation that requires a
>> PTRACE_MODE_ATTACH check, the calling process must either
>> have the CAP_SYS_PTRACE capability in the user namespace of
>> the target process or it have a predefined relationship
>> with the target process.
>
> Nit: The grammar in this sentence seems wrong to me.
> s/or it have/or it must have/?
Yep, thanks for catching that. Fixed now.
Cheers,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
Powered by blists - more mailing lists