For a process to entirely disable ptrace restrictions, it can use the
special PR_SET_PTRACER_ANY pid to indicate that any otherwise allowed
process may ptrace it. This is stronger than calling PR_SET_PTRACER with
pid "1" because it includes processes in external pid namespaces.
BUG=chromium-os:25271
TEST=x86-alex build, boot, passes updated security_ptraceRestrictions.
STATUS=Fixed
Change-Id: I7a09a388f7b9b528cada04c752174edba2cf18ea
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/14602
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
tracee = rcu_dereference(tracee->group_leader);
list_for_each_entry(relation, &ptracer_relations, node)
if (relation->tracee == tracee) {
+ found = true;
parent = relation->tracer;
found = true;
break;