PR_SET_PTRACER does not work from a thread
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | High | Kees Cook |
Maverick | Fix Released | Medium | Kees Cook |
Natty | Fix Released | High | Kees Cook |

Bug Description
Linux ubuntu 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 19 20:34:50 UTC 2010 i686 GNU/Linux
The program below reproduces the problem.
If you launch it without an argument, the thread will call PR_SET_PTRACER.
Then the child process cannot ptrace its parent.
If it is the main thread which is calling PR_SET_PTRACER, then it works properly.
Just give an argument to the program to have the main thread call PR_SET_PTRACER.
```c
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <sys/ptrace.h>
#include <sys/prctl.h>

int main_does_prctl;
int ret;
pid_t child;

static void *thr_fn(void *v)
{
    if (!main_does_prctl) {
        /* Declare the child as an allowed tracer from a non-main thread. */
        ret = prctl (PR_SET_PTRACER, child, 0, 0, 0);
        /* Format string is cut off on the page; this mirrors main's report. */
        printf("thread prctl result %d\n", ret);
    }
    printf("thread sleeping\n");
    sleep(100);
    return NULL;
}

int main(int argc, char*argv[])
{
    pthread_t thr;
    pid_t parent = getpid();
    long ptrace_result;

    child = fork();
    if (child == 0) {
        /* This is the child, sleep to let our parent set_ptracer us. */
        printf("child sleeping\n");
        sleep (5);
        printf("will ptrace my parent %d\n", parent);
        ptrace_result = ptrace (PTRACE_ATTACH, parent, NULL, NULL);
        if (ptrace_result == 0)
            printf ("ptrace attach successful\n");
        else
            perror ("ptrace attach has failed");
        /* Statement is cut off on the page; it reports the attach result here. */
        printf("ptrace attach result %ld\n", ptrace_result);
        ptrace_result = ptrace (PTRACE_KILL, parent, NULL, NULL);
        if (ptrace_result == 0)
            printf ("ptrace kill successful\n");
        else
            perror ("ptrace kill has failed");
        exit(0);
    }

    main_does_prctl = argc > 1;
    /* Call is cut off on the page; the thread has to be started here to run thr_fn. */
    pthread_create(&thr, NULL, thr_fn, NULL);
    if (main_does_prctl) {
        /* Declare the child as an allowed tracer from the main thread. */
        ret = prctl (PR_SET_PTRACER, child, 0, 0, 0);
        printf("main prtctl result %d \n", ret);
    }
    printf("main sleeping\n");
    sleep(100);
    return 0;
}
```
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: linux-image-
Regression: No
Reproducible: Yes
ProcVersionSign
Uname: Linux 2.6.35-22-generic i686
Date: Sat Mar 5 20:00:32 2011
LiveMediaBuild: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
MachineType: TOSHIBA Satellite L300
SourcePackage: linux

Changed in linux (Ubuntu):
status: New → Confirmed
assignee: nobody → Kees Cook (kees)
importance: Undecided → High
milestone: none → ubuntu-11.04-beta-1

Changed in linux (Ubuntu Maverick):
status: Fix Committed → In Progress
tags: added: natty; removed: needs-upstream-testing

Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
tags: added: verification-done-maverick; removed: verification-needed-maverick

Ah, yes. Looks like this is the inverse of a bug that was fixed during Maverick development. I've got a test kernel building now, and should have results shortly.
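
A simplified model of the behaviour reported in the bug description, added here as an illustration and not taken from the report, the kernel or the Ubuntu patch. It assumes the exception was recorded against whichever thread called prctl, while PTRACE_ATTACH targets the parent by its process ID; the task IDs, `scenario` and the `policy` names are constructed.

```c
/* Simplified user-space model, constructed for illustration; not kernel code. */
#include <stdio.h>

struct task { int pid; int tgid; };   /* tgid == pid for the main thread */

/* One recorded exception: "tracer may attach to tracee". */
struct relation { int tracer; int tracee; };

enum policy {
    RECORD_CALLER,        /* assumed pre-fix behaviour: key on the calling thread */
    RECORD_GROUP_LEADER   /* key on the process (thread group leader) */
};

/* Models what prctl(PR_SET_PTRACER, tracer) stores for the calling task. */
static struct relation set_ptracer(const struct task *caller, int tracer,
                                   enum policy p)
{
    struct relation r;
    r.tracer = tracer;
    r.tracee = (p == RECORD_CALLER) ? caller->pid : caller->tgid;
    return r;
}

/* PTRACE_ATTACH is given the parent's PID, i.e. its thread group leader. */
static int attach_allowed(const struct relation *r, int tracer, int target_pid)
{
    return r->tracer == tracer && r->tracee == target_pid;
}

/* Returns 1 if the child may attach to its parent, 0 if it is refused. */
int scenario(int call_from_thread, enum policy p)
{
    const struct task main_thread = { 1000, 1000 };   /* constructed ids */
    const struct task worker      = { 1001, 1000 };
    const int child = 1002;
    const struct task *caller = call_from_thread ? &worker : &main_thread;
    struct relation r = set_ptracer(caller, child, p);

    return attach_allowed(&r, child, main_thread.pid);
}

int main(void)
{
    printf("caller-keyed, main thread:   %d\n", scenario(0, RECORD_CALLER));
    printf("caller-keyed, worker thread: %d\n", scenario(1, RECORD_CALLER));
    printf("leader-keyed, main thread:   %d\n", scenario(0, RECORD_GROUP_LEADER));
    printf("leader-keyed, worker thread: %d\n", scenario(1, RECORD_GROUP_LEADER));
    return 0;
}
```

Only the caller-keyed worker-thread case is refused, which matches the symptom in the report: the same call succeeds from the main thread and fails from any other thread.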