diff options
| author | Mickaël Salaün <[email protected]> | 2021-04-22 17:41:14 +0200 |
|---|---|---|
| committer | James Morris <[email protected]> | 2021-04-22 12:22:10 -0700 |
| commit | afe81f754117dd96853677c5cb815f49abef0ba0 (patch) | |
| tree | 9c89ace4b459dece96d08922e6ae9be04bf22091 /tools/perf/scripts/python/exported-sql-viewer.py | |
| parent | 385975dca53eb41031d0cbd1de318eb1bc5d6bb9 (diff) | |
landlock: Add ptrace restrictions
Using ptrace(2) and related debug features on a target process can lead
to a privilege escalation. Indeed, ptrace(2) can be used by an attacker
to impersonate another task and to remain undetected while performing
malicious activities. Thanks to ptrace_may_access(), various part of
the kernel can check if a tracer is more privileged than a tracee.
A landlocked process has fewer privileges than a non-landlocked process
and must then be subject to additional restrictions when manipulating
processes. To be allowed to use ptrace(2) and related syscalls on a
target process, a landlocked process must have a subset of the target
process's rules (i.e. the tracee must be in a sub-domain of the tracer).
Cc: James Morris <[email protected]>
Signed-off-by: Mickaël Salaün <[email protected]>
Reviewed-by: Jann Horn <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: James Morris <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/exported-sql-viewer.py')
0 files changed, 0 insertions, 0 deletions