FS#38873 - [reptyr] Should be installed with capability SYS_CAP_PTRACE
Attached to Project:
Community Packages
Opened by Hermann Zahnweh (eigengrau) - Tuesday, 11 February 2014, 15:42 GMT
Last edited by Daniel Micay (thestinger) - Tuesday, 01 April 2014, 12:12 GMT
Opened by Hermann Zahnweh (eigengrau) - Tuesday, 11 February 2014, 15:42 GMT
Last edited by Daniel Micay (thestinger) - Tuesday, 01 April 2014, 12:12 GMT
|
Details
Description:
Since the functionality of reptyr relies on being able to use the ptrace call, the binary should be installed with the according capability set. Additional info: 0.5-1 Steps to reproduce: Invoke reptyr on a process owned by your UID. > [-] Timed out waiting for child stop. > Unable to attach to pid 25483: Operation not permitted |
This task depends upon
Closed by Daniel Micay (thestinger)
Tuesday, 01 April 2014, 12:12 GMT
Reason for closing: Won't fix
Additional comments about closing: reached consensus that the current situation is obviously not ideal, but is a reasonable compromise
Tuesday, 01 April 2014, 12:12 GMT
Reason for closing: Won't fix
Additional comments about closing: reached consensus that the current situation is obviously not ideal, but is a reasonable compromise
Disabling ptrace_scope just for one package is not the right way to solve this. As it stands, anyone who ever installs this package will have to set SYS_CAP_PTRACE for the binary manually, and a package update will revert this; so the sensible thing to do is either package it with the cap. set, or else drop it from the repo.
Whatever we do here, leaving the package as it is doesn’t make much sense. It would be analogous to packaging /sbin/passwd without setuid. We should either package it with the capability set, or drop it from the repo.
The reptyr utility can still be used as a superuser without the capability set. It's not suddenly useless because non-root users can't use it. Perhaps it's less useful for your case, but you can disable ptrace_scope or set the capability yourself. It could even mention ptrace_scope in the install file.
Ah, okay, I didn’t see that before. That’s a good point and this differs from the /sbin/passwd case.
> The reptyr utility can still be used as a superuser without the capability set.
True. Not ideal, but it’s certainly outweighed by your web server argument.