afe81f7541
Using ptrace(2) and related debug features on a target process can lead to a privilege escalation. Indeed, ptrace(2) can be used by an attacker to impersonate another task and to remain undetected while performing malicious activities. Thanks to ptrace_may_access(), various part of the kernel can check if a tracer is more privileged than a tracee. A landlocked process has fewer privileges than a non-landlocked process and must then be subject to additional restrictions when manipulating processes. To be allowed to use ptrace(2) and related syscalls on a target process, a landlocked process must have a subset of the target process's rules (i.e. the tracee must be in a sub-domain of the tracer). Cc: James Morris <jmorris@namei.org> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jann Horn <jannh@google.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210422154123.13086-5-mic@digikod.net Signed-off-by: James Morris <jamorris@linux.microsoft.com>
15 lines
334 B
C
15 lines
334 B
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Landlock LSM - Ptrace hooks
|
|
*
|
|
* Copyright © 2017-2019 Mickaël Salaün <mic@digikod.net>
|
|
* Copyright © 2019 ANSSI
|
|
*/
|
|
|
|
#ifndef _SECURITY_LANDLOCK_PTRACE_H
|
|
#define _SECURITY_LANDLOCK_PTRACE_H
|
|
|
|
__init void landlock_add_ptrace_hooks(void);
|
|
|
|
#endif /* _SECURITY_LANDLOCK_PTRACE_H */
|