by charcircuit 900 days ago
Why does Bash have permission to ptrace or read other processes' memory? This should already be locked down, but I suspect it's not because for some reason a lot of systems do not use LSMs or don't care about security in general.

The same bash instance is the parent of the process being attacked so it meets the requirements to ptrace at yama/ptrace_scope == 1.
In the case of stelf-loader, the bash instance is attacking itself. It's not especially unexpected for a process to be able to modify its own memory.

> It's not especially unexpected for a process to be able to modify its own memory.

It is unexpected for Bash to do that so it shouldn't be given access to ptrace.

stelf-loader does not use ptrace.

Writing to /proc/pid/mem requires access to ptrace. I never said it would use ptrace directly.

It's gated by the same access control logic that governs ptrace, yes, but it does not use ptrace either directly or indirectly. The first step of that logic is:

> If the calling thread and the target thread are in the same thread group, access is always allowed.
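
The access check the thread is arguing about, as an added example that is not part of the original discussion: a simplified Python model of the attach-mode decision, following the ordering described in ptrace(2) and the Yama `ptrace_scope` levels. The `Request` fields and `attach_allowed` are hypothetical names; other LSMs and the capability-subset check are left out.

```python
from dataclasses import dataclass

@dataclass
class Request:
    """Hypothetical description of one caller -> target access attempt."""
    same_thread_group: bool = False     # caller is the target (e.g. /proc/self/mem)
    creds_match: bool = True            # caller uid/gid match target's real/effective/saved ids
    cap_sys_ptrace: bool = False        # caller holds CAP_SYS_PTRACE over the target
    target_dumpable: bool = True        # target's dumpable attribute is 1
    target_is_descendant: bool = False  # target descends from the caller
    declared_ptracer: bool = False      # target named the caller via PR_SET_PTRACER

def attach_allowed(req: Request, ptrace_scope: int):
    """Return (allowed, reason) for an attach-mode check, which also gates /proc/pid/mem."""
    # Step 1: the rule quoted in the thread. It runs before any LSM, Yama included.
    if req.same_thread_group:
        return True, "same thread group"
    # Credential and dumpable checks; CAP_SYS_PTRACE overrides both.
    if not (req.creds_match or req.cap_sys_ptrace):
        return False, "credentials differ"
    if not (req.target_dumpable or req.cap_sys_ptrace):
        return False, "target not dumpable"
    # Yama LSM, applied last.
    if ptrace_scope == 0:
        return True, "classic permissions"
    if ptrace_scope == 1:
        ok = req.target_is_descendant or req.declared_ptracer or req.cap_sys_ptrace
        return ok, "restricted: descendant, declared ptracer or CAP_SYS_PTRACE"
    if ptrace_scope == 2:
        return req.cap_sys_ptrace, "admin-only: CAP_SYS_PTRACE required"
    return False, "scope 3: no attach"

def summarize():
    """Constructed cases matching the thread: self access, parent shell, unrelated process."""
    cases = {
        "self": Request(same_thread_group=True),
        "parent -> child": Request(target_is_descendant=True),
        "unrelated, same uid": Request(),
    }
    return {name: [attach_allowed(r, s)[0] for s in range(4)] for name, r in cases.items()}

if __name__ == "__main__":
    for name, row in summarize().items():
        print(f"{name:22} scope 0..3 -> {row}")
```

In this model no `ptrace_scope` value affects the self-access row, so restricting a process's writes to its own memory takes a different control than Yama.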