lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 15 Dec 2020 12:31:11 -0600
From:   Ted Estes <ted@...twarecrafters.com>
To:     "Alejandro Colomar (man-pages)" <alx.manpages@...il.com>,
        Pavel Emelyanov <xemul@...nvz.org>,
        Oleg Nesterov <oleg@...sign.ru>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Michael Kerrisk <mtk.manpages@...il.com>,
        Kees Cook <keescook@...omium.org>, Jann Horn <jann@...jh.net>
Cc:     linux-man <linux-man@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [Bug 210655] ptrace.2: documentation is incorrect about access
 checking threads in same thread group

Per my research on the topic, the error is in the manual page.  The 
behavior of ptrace(2) was intentionally changed to prohibit attaching to 
a thread in the same group.  Apparently, there were a number of 
ill-behaved edge cases.

I found this email thread on the subject: 
https://lkml.org/lkml/2006/8/31/241

Thank you.
--Ted Estes

On 12/15/2020 11:01 AM, Alejandro Colomar (man-pages) wrote:
> Hi,
>
> There's a bug report: https://bugzilla.kernel.org/show_bug.cgi?id=210655
>
> [[
> Under "Ptrace access mode checking", the documentation states:
>    "1. If the calling thread and the target thread are in the same thread
> group, access is always allowed."
>
> This is incorrect. A thread may never attach to another in the same group.
>
> Reference, ptrace_attach()
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/kernel/ptrace.c?h=v5.9.14#n380
> ]]
>
> I just wanted to make sure that it is a bug in the manual page, and not
> in the implementation.
>
>
> Thanks,
>
> Alex
>

Powered by blists - more mailing lists