Re: [PATCH] ptrace: it is fun to strace /sbin/init

From: Pavel Machek
Date: Mon Mar 24 2008 - 19:09:02 EST


On Tue 2008-03-25 02:04:58, Oleg Nesterov wrote:
> On 03/24, Pavel Machek wrote:
> >
> > > /sbin/init is important, but there are other important (and sometimes
> > > much more important) services. Why it is so special so that we can't
> > > debug/strace it?
> >
> > Maybe. Let's kill /sbin/init protection in 2.6.26. But making it
> > optional is wrong.
>
> You are right, the boot parameter is silly. How about sysctl?

I'd prefer it to be hardcoded, really.

"You can kill /sbin/init" sounds right.

"You can kill /sbin/init on 2.6.26+" sounds... still quite ok.

"You can kill /sbin/init on 2.6.26+ if you have /proc/sys/foo/bar ==
1" sounds... quite wrong.

> Stephen, do you see any security problems if we make /sbin/init
> ptraceable by default?

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
pomozte zachranit klanovicky les: http://www.ujezdskystrom.info/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/