https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285021
Bug ID: 285021
Summary: the procctl PROC_TRACE_CTL doesn't work as expected
Product: Base System
Version: 13.4-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
I'm a security software developer and found that procctl PROC_TRACE_CTL is a very
good way to protect a process, so I want to use it in our program for
protecting important processes. However, what I found is that, more often than not,
even when the procctl call seems to work, the desired effects are not there:
after disabling TRACE and checking the STATUS, TRACE is disabled;
however, the process is still traceable, and ptrace can still attach to it.
The following is a sample program we use to test it:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/procctl.h>

int main(int argc, char *argv[]) {
	pid_t target_pid;
	int disable = PROC_TRACE_CTL_DISABLE;
	int status;

	if (argc != 2) {
		fprintf(stderr, "Usage: %s <pid>\n", argv[0]);
		exit(EXIT_FAILURE);
	}
	target_pid = (pid_t)atoi(argv[1]);
	if (target_pid <= 0) {
		fprintf(stderr, "Invalid PID: %s\n", argv[1]);
		exit(EXIT_FAILURE);
	}

	/* Attempt to disable tracing on the target process.
	 * Only the process itself or a superuser can perform this operation.
	 */
	if (procctl(P_PID, target_pid, PROC_TRACE_CTL, &disable) == -1) {
		perror("procctl(PROC_TRACE_CTL)");
		/* Still report the current state, then carry on to the attach test. */
		if (procctl(P_PID, target_pid, PROC_TRACE_STATUS, &status) != 0)
			exit(EXIT_FAILURE);
		fprintf(stderr, "the process has TRACE_CTL status=%d\n", status);
	} else if (procctl(P_PID, target_pid, PROC_TRACE_STATUS, &status) == 0) {
		/* PROC_TRACE_STATUS reports -1 when tracing is disabled, 0 when
		 * enabled with no debugger attached, else the debugger's pid. */
		fprintf(stderr, "the process has TRACE_CTL status=%d\n", status);
	}

	/* Now attempt to attach to the target process using ptrace.
	 * If tracing is disabled, this should fail with EPERM.
	 */
	if (ptrace(PT_ATTACH, target_pid, NULL, 0) == 0) {
		/* If attach succeeds, wait for the process to stop */
		waitpid(target_pid, &status, 0);
		/* Detach so as not to leave the process in a stopped state */
		if (ptrace(PT_DETACH, target_pid, (caddr_t)1, 0) == -1) {
			perror("ptrace(PT_DETACH)");
		}
		printf("procctl tracing disable is NOT working: ptrace attach succeeded\n");
	} else {
		if (errno == EPERM) {
			printf("procctl tracing disable is working: ptrace attach failed with EPERM\n");
		} else {
			perror("ptrace(PT_ATTACH)");
		}
	}
	return 0;
}
After compiling the program, we run it against one of the processes that's
running,
[root@bsd123 ~]# ./procc 868
the process has TRACE_CTL status=-1
procctl tracing disable is NOT working: ptrace attach succeeded
[root@bsd123 ~]#
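Added example, not part of the bug report or of FreeBSD's own code: a self-contained C program that exercises the same mechanism the way a practitioner would verify it. The child disables tracing on itself (procctl(2) PROC_TRACE_CTL with PROC_TRACE_CTL_DISABLE applied to its own pid) and confirms the change via PROC_TRACE_STATUS, which reports -1 once tracing is disabled; the parent then tries ptrace(2) PT_ATTACH and classifies the result against its own effective uid. The caveat this encodes: in the kernel's debug-permission check (p_candebug), a target marked untraceable is still attachable by a caller that passes priv_check(9) for PRIV_DEBUG_DENIED, which root ordinarily holds, so an attach succeeding in a root shell like the transcript above is a different finding from an attach succeeding as an unprivileged user. The names run_demo, classify_attach, child_body and the demo_result enum are mine; the #ifdef __FreeBSD__ guard is there only so the file compiles on other systems, where it reports the platform as unsupported.

```c
/*
 * Added example (not from the bug report): a child marks itself untraceable
 * with PROC_TRACE_CTL, then the parent tries PT_ATTACH. An unprivileged
 * tracer is expected to get EPERM; root holds PRIV_DEBUG_DENIED in the
 * kernel's p_candebug() check and is expected to attach anyway.
 */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#ifdef __FreeBSD__
#include <sys/procctl.h>
#include <sys/ptrace.h>
#endif

enum demo_result {
	DEMO_UNSUPPORTED = 0,	/* not FreeBSD: procctl(2) PROC_TRACE_CTL is absent */
	DEMO_BLOCKED,		/* attach failed with EPERM: the flag is effective */
	DEMO_ROOT_OVERRIDE,	/* attach succeeded, caller is root: documented override */
	DEMO_FLAG_BYPASSED,	/* attach succeeded without privilege: a real problem */
	DEMO_ERROR		/* setup failure: fork, pipe, procctl, or unexpected errno */
};

/*
 * Interpret an attach outcome. rc/err are ptrace(PT_ATTACH)'s return value
 * and errno; euid is the tracer's effective uid. Kept free of syscalls so
 * the decision logic itself can be checked on any platform.
 */
enum demo_result classify_attach(int rc, int err, uid_t euid)
{
	if (rc == 0)
		return euid == 0 ? DEMO_ROOT_OVERRIDE : DEMO_FLAG_BYPASSED;
	return err == EPERM ? DEMO_BLOCKED : DEMO_ERROR;
}

#ifdef __FreeBSD__
/* Child: disable tracing on ourselves, verify it, signal readiness, then idle. */
static void child_body(int ready_fd)
{
	int disable = PROC_TRACE_CTL_DISABLE;
	int status = 0;
	char ok = 'n';

	if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable) == 0 &&
	    procctl(P_PID, getpid(), PROC_TRACE_STATUS, &status) == 0 &&
	    status == -1)	/* -1 is PROC_TRACE_STATUS's "tracing disabled" */
		ok = 'y';
	(void)write(ready_fd, &ok, 1);
	close(ready_fd);
	for (;;)
		pause();
}

enum demo_result run_demo(void)
{
	int fds[2], rc, err, wstatus;
	pid_t child;
	char ok = 'n';
	enum demo_result res;

	if (pipe(fds) == -1)
		return DEMO_ERROR;
	child = fork();
	if (child == -1)
		return DEMO_ERROR;
	if (child == 0) {
		close(fds[0]);
		child_body(fds[1]);
		_exit(0);
	}
	close(fds[1]);
	/* Do not attach until the child confirms the flag is set. */
	if (read(fds[0], &ok, 1) != 1 || ok != 'y') {
		close(fds[0]);
		kill(child, SIGKILL);
		waitpid(child, NULL, 0);
		return DEMO_ERROR;
	}
	close(fds[0]);

	rc = ptrace(PT_ATTACH, child, NULL, 0);
	err = errno;
	if (rc == 0) {
		/* Attach stops the child; reap the stop and detach cleanly. */
		waitpid(child, &wstatus, 0);
		(void)ptrace(PT_DETACH, child, (caddr_t)1, 0);
	}
	res = classify_attach(rc, err, geteuid());
	kill(child, SIGKILL);
	waitpid(child, NULL, 0);
	return res;
}
#else
enum demo_result run_demo(void)
{
	return DEMO_UNSUPPORTED;	/* nothing to exercise off FreeBSD */
}
#endif

int main(void)
{
	static const char *names[] = {
		"unsupported platform",
		"attach denied with EPERM: tracing disable is effective",
		"attach succeeded because the tracer is root (PRIV_DEBUG_DENIED)",
		"attach succeeded without privilege: tracing disable bypassed",
		"setup error"
	};
	enum demo_result r = run_demo();

	printf("%s\n", names[r]);
	return (r == DEMO_FLAG_BYPASSED || r == DEMO_ERROR) ? 1 : 0;
}
```

Run it once as root and once as an unprivileged user on the FreeBSD host under test; the exit status is non-zero only for the two outcomes that would indicate an actual problem (attach succeeding without privilege, or a setup error), so the root run and the unprivileged run are expected to print different lines and both exit 0.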