On 27/04/16 07:22, Elmar Stellnberger wrote:
[...]
It says "operation not permitted" here when trying to ptrace firefox
which was launched just normally as always as user elm. Nonetheless it
was possible to backtrace the hanging frifeox-instance as user root as
you can see in the P.S.-section.
There are two things which I would like to say about it:
* Firefox did apparently not only crash but acquire root privileges by
doing so; otherwise it would not have needed user root to backtrace
firefox (there is no SELinux, Apparmor or anything else running here; it
is a plain Arch-installation)
I believe it's standard (for security reasons) in recent kernels to
require root to trace any process that isn't a direct child of the
tracer, even if the process is owned by the same user. This has been
true for me on Arch Linux as well as Ubuntu. It doesn't necessarily mean
Firefox gained root privileges. Try it on any other running user
process, and you'll probably get the same behavior.
I believe there's a knob (/proc/sys/kernel/yama/ptrace_scope) that
controls this restriction.
--
Travis Evans
