Re: Why can't I ptrace init (pid == 1) ?

Helge Hafting (helgehaf@idb.hist.no)
Wed, 20 Jun 2001 10:37:20 +0200


richard offer wrote:
>
> In arch/i386/kernel/ptrace.c there is the following code ...
>
> ret = -EPERM;
> if (pid == 1) /* you may not mess with init */
> goto out_tsk;
>
> What is the rationale for this ? Is this a real security decision or
> an implementation detail (bad things will happen).

I don't know why they did it, but ptracing init is definitely a added
security risk. If an intruder can't take over init, then a smart
init can fight back. Of course most inits aren't that smart, but
at least they can log problems and such. The intruder can't prevent
that because init cannot be killed except by booting (which is
noticeable),
and it cannot be taken over with ptrace. ptrace could otherwise
be used to make init exec some other init that doesn't do the
logging.

If you want to debug the init software, consider running it
as a normal processs (not PID 1). If that is impossible , e.g.
you need a real-life setup, do remove the above test temporarily
and make an init-debug kernel for this purpose.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/