by khuey 902 days ago
The same bash instance is the parent of the process being attacked so it meets the requirements to ptrace at yama/ptrace_scope == 1.

In the case of stelf-loader, the bash instance is attacking itself. It's not especially unexpected for a process to be able to modify its own memory.
> It's not especially unexpected for a process to be able to modify its own memory.

It is unexpected for Bash to do that so it shouldn't be given access to ptrace.

stelf-loader does not use ptrace.

Writing to /proc/pid/mem requires access to ptrace. I never said it would use ptrace directly.

It's gated by the same access control logic that governs ptrace, yes, but it does not use ptrace directly nor indirectly. The first step of that logic is:

> If the calling thread and the target thread are in the same thread group, access is always allowed.
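
Added example, not part of the thread and not kernel or stelf-loader code: a simplified Python model of the ptrace access check discussed above, showing why a process touching its own memory is allowed at every `ptrace_scope` value while a parent attaching to its child depends on the setting. The process table, the `Proc` fields and the function names are constructed for illustration, and capability and user-namespace handling is reduced to a single flag.

```python
from dataclasses import dataclass

@dataclass
class Proc:
    pid: int
    tgid: int                     # thread group id (the "process" id)
    ppid: int
    uid: int
    dumpable: bool = True
    cap_sys_ptrace: bool = False  # assumption: one flag stands in for capability checks
    ptracer: int = 0              # tgid declared via prctl(PR_SET_PTRACER), 0 = none

def is_descendant(table, ancestor_tgid, target):
    """True if some ancestor of target belongs to thread group ancestor_tgid."""
    p = target
    while p.ppid in table:
        p = table[p.ppid]
        if p.tgid == ancestor_tgid:
            return True
    return False

def may_attach(table, caller, target, yama_scope):
    """Return (allowed, reason) for an attach-mode access check (simplified)."""
    # First step, as quoted in the thread: decided before any other rule runs.
    if caller.tgid == target.tgid:
        return True, "same thread group"
    if not caller.cap_sys_ptrace:
        if caller.uid != target.uid:
            return False, "credential mismatch"
        if not target.dumpable:
            return False, "target not dumpable"
    # Yama is consulted only after the checks above pass.
    if yama_scope == 3:
        return False, "yama: attach disabled"
    if caller.cap_sys_ptrace or yama_scope == 0:
        return True, "classic permissions"
    if yama_scope == 2:
        return False, "yama: CAP_SYS_PTRACE required"
    if is_descendant(table, caller.tgid, target) or target.ptracer == caller.tgid:
        return True, "yama: descendant or declared tracer"
    return False, "yama: no relationship to target"

# Constructed process table: init, a shell, the shell's child, an unrelated process.
TABLE = {p.pid: p for p in (
    Proc(1, 1, 0, 0), Proc(100, 100, 1, 1000),
    Proc(200, 200, 100, 1000), Proc(300, 300, 1, 1000))}
BASH, CHILD, OTHER = TABLE[100], TABLE[200], TABLE[300]

if __name__ == "__main__":
    for scope in range(4):
        for who, c, t in (("bash->self", BASH, BASH), ("bash->child", BASH, CHILD),
                          ("other->child", OTHER, CHILD)):
            print(scope, who, may_attach(TABLE, c, t, scope))
```

In this model, raising `ptrace_scope` never changes the `bash->self` row, so a control aimed at self-modification has to sit somewhere other than Yama.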