ubuntu 10.10 ptrace权限的变动 | change in behavior of ptrace in ubuntu 10.10

最近有人在scanmem提交bug,说非root不能attach其他进程。当时我用的ubuntu 10.04,没能重现这个问题。最近用上10.10,发现确实有这个问题,于是考虑到是不是ubuntu的变动。简单搜了一下,在https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace%20Protection找到了原因,是10.10里故意这么设置的,目的是保护进程。

其作用的是/proc/sys/kernel/yama/ptrace_scope这个sysctl值,以前是0,ubuntu 10.10里默认是1。



Recent some one has posted a bug in scanmem, that the program can no longer attach to other processes without run as root. At the moment I was still using ubuntu 10.04, where I couldn't reproduce the bug. Now I've been using 10.10 and I did confirm that bug. So I think this must be something changed in ubuntu. After a brief searching, I found the reason at https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace%20Protection, so that was changed intended, in order to protect the processes.

The key value is the sysctl value "/proc/sys/kernel/yama/ptrace_scope", which is 0 by default before, but now 1 by default.

So in the future scanmem will need to run as root.

And this is quite a good news for ubuntu.