Hi.
Mac OS X has a PT_DENY_ATTACH argument to ptrace(2) which does what
it says on the tin:
PT_DENY_ATTACH
This request is the other operation used by the traced
process; it allows a process that is not currently being
traced to deny future traces by its parent. All other
arguments are ignored. If the process is currently being
traced, it will exit with the exit status of ENOTSUP; oth-
erwise, it sets a flag that denies future traces. An
attempt by the parent to trace a process which has set this
flag will result in a segmentation violation in the parent
Any reason not to use it in platform_disable_tracing() ?
diff --git a/configure.ac b/configure.ac
index f5e1378..88c4633 100644
--- a/configure.ac
+++ b/configure.ac
@@ -405,6 +405,7 @@ AC_CHECK_HEADERS([ \
sys/poll.h \
sys/prctl.h \
sys/pstat.h \
+ sys/ptrace.h \
sys/select.h \
sys/stat.h \
sys/stream.h \
diff --git a/platform-tracing.c b/platform-tracing.c
index 81020e7..4c80a28 100644
--- a/platform-tracing.c
+++ b/platform-tracing.c
@@ -20,6 +20,9 @@
#if defined(HAVE_SYS_PRCTL_H)
#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
#endif
+#ifdef HAVE_SYS_PTRACE_H
+#include <sys/ptrace.h>
+#endif
#ifdef HAVE_PRIV_H
#include <priv.h> /* For setpflags() and __PROC_PROTECT */
#endif
@@ -40,4 +43,9 @@ platform_disable_tracing(int strict)
if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
fatal("unable to make the process untraceable");
#endif
+#ifdef PT_DENY_ATTACH
+ /* Mac OS X */
+ if (ptrace(PT_DENY_ATTACH, 0, 0, 0) == -1 && strict)
+ fatal("unable to set PT_DENY_ATTACH");
+#endif
}
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
sgtm for some reason I thought you were already doing this. On Tue, Oct 25, 2016 at 5:30 PM, Darren Tucker <dtucker at zip.com.au> wrote:> Hi. > > Mac OS X has a PT_DENY_ATTACH argument to ptrace(2) which does what > it says on the tin: > > PT_DENY_ATTACH > This request is the other operation used by the traced > process; it allows a process that is not currently being > traced to deny future traces by its parent. All other > arguments are ignored. If the process is currently being > traced, it will exit with the exit status of ENOTSUP; oth- > erwise, it sets a flag that denies future traces. An > attempt by the parent to trace a process which has set this > flag will result in a segmentation violation in the parent > > Any reason not to use it in platform_disable_tracing() ? > > diff --git a/configure.ac b/configure.ac > index f5e1378..88c4633 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -405,6 +405,7 @@ AC_CHECK_HEADERS([ \ > sys/poll.h \ > sys/prctl.h \ > sys/pstat.h \ > + sys/ptrace.h \ > sys/select.h \ > sys/stat.h \ > sys/stream.h \ > diff --git a/platform-tracing.c b/platform-tracing.c > index 81020e7..4c80a28 100644 > --- a/platform-tracing.c > +++ b/platform-tracing.c > @@ -20,6 +20,9 @@ > #if defined(HAVE_SYS_PRCTL_H) > #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ > #endif > +#ifdef HAVE_SYS_PTRACE_H > +#include <sys/ptrace.h> > +#endif > #ifdef HAVE_PRIV_H > #include <priv.h> /* For setpflags() and __PROC_PROTECT */ > #endif > @@ -40,4 +43,9 @@ platform_disable_tracing(int strict) > if (setpflags(__PROC_PROTECT, 1) != 0 && strict) > fatal("unable to make the process untraceable"); > #endif > +#ifdef PT_DENY_ATTACH > + /* Mac OS X */ > + if (ptrace(PT_DENY_ATTACH, 0, 0, 0) == -1 && strict) > + fatal("unable to set PT_DENY_ATTACH"); > +#endif > } > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
On Tue, Nov 1, 2016 at 8:06 AM, Peter Moody <mindrot at hda3.com> wrote:> sgtm > > for some reason I thought you were already doing this.It's possible I mentioned it before but did not actually commit it. Anyway, this time for sure: https://anongit.mindrot.org/openssh.git/commit/?id=5ee3fb5affd7646f141749483205ade5fc54adaf -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.