ptrace versus setuid changes in 4.14?
From: Tom Horsley
Date: Thu Dec 21 2017 - 09:18:31 EST
On my fedora 26 box with a 4.13 kernel, when a process
under ptrace control did an exec of a setuid program,
the program lost all of its setuid privileges and
ptrace could operate on it like a normal program.
Experimental evidence seems to indicate that on
fedora 27 with a 4.14 kernel, ptrace cannot
do a PEEKDATA to read anything from the just
execed setuid program. (I get errno 5 - I/O error).
Am I confused somehow, or did something really change
in this vicinity?
It puts a real crimp in my fancy debug feature to
patch code into a setuid program to make it re-exec itself,
then detach from it. (I don't suppose we could get
a setoptions feature to tell the kernel to detach
from setuid programs automagically and let the debugger
know it is no longer in control of the process?)