---
- branch: netbsd-8
  date: Sat May 5 19:13:21 UTC 2018
  files:
  - new: 1.22.2.3
    old: 1.22.2.2
    path: src/sys/kern/sys_ptrace_common.c
    pathrev: src/sys/kern/sys_ptrace_common.c@1.22.2.3
    type: modified
  id: 20180505T191321Z.d04d784e330327158ff54419502ccebf7f9aa452
  log: |
    Pull up following revision(s) (requested by kamil in ticket #792):

    	sys/kern/sys_ptrace_common.c: revision 1.38

    Harden the NetBSD PT_TRACE_ME operation

    You can't say to the parent of a process to start tracing if:
    	(1) the parent is initproc,
    	(2) the child is already traced.

    Rationale:
     (1) - It has a side effect of being an anti-debugger functionality,
           as we cannot kill initproc (PID1) and reset the traced flag.
         - initproc is not a debugger, raising debugging events from a child
           to initproc can result in at least a stopped/hanging process
           in the system.
     (2) - It does not make sense to be simultaneously traced by two debuggers
         - It does not make sense to be traced twice by the same debugger.

    Permit enable tracing for a parent that has been chroot(8)ed, as this is
    harmless and the parent is already monitoring for child signals.
    The same semantics exist in FreeBSD.

    If you are looking for an antidebugging trick for old NetBSD (pre 8.0)
    or other popular kernels, here is an example:

    $ cat antidebug.c
    int
    main(int argc, char **argv)
    {
    	pid_t child;
    	int rv;
    	int n = 0;
    	child = fork();
    	if (child == 0) {
    		while (getppid() != 1)
    			continue;
    		rv = ptrace(PT_TRACE_ME, 0, 0, 0);
    		if (rv != 0)
    			abort();
    		printf("Try to detach to me with a debugger!! ");
    		printf("haha My PID is %d\n", getpid());
    		while (1) {
    			printf("%d\n", n++);
    			sleep(1);
    		}
    	}
    	exit(0);
    }

    A developer is no longer able to attach GDB, strace or LLDB to this program
    without killing the initproc (your favourite system daemon).. this action
    would be fatal for the operation of the whole Operating System stability.

    Examples from a current non-NetBSD popular kernel:
    $ ps -o ppid= -p 17904
     1
    $ strace -p 17904
    strace: attach: ptrace(PTRACE_SEIZE, 17904): Operation not permitted
    $ gdb -p 17904
    [...]
    Attaching to process 17904
    warning: process 17904 is already traced by process 1
    ptrace: Operation not permitted.
    (gdb)
    $ lldb-3.9 -p 17904
    (lldb) process attach --pid 17904
    error: attach failed: unable to attach

    On NetBSD 8.0 and newer it is now guaranteed to have an option to kill
    a malevolent (fake?) debugger and attach with a new tracer to the process

    Sponsored by
  module: src
  subject: 'CVS commit: [netbsd-8] src/sys/kern'
  unixtime: '1525547601'
  user: martin