This is awesome! I didn't know something like this existed. Thank you for sharing. I'm going to try it out today.
I've looked at this utility a few times for my production environment, really want to create a proof of concept so i can convince the team to implement it. Can't count the number of processes I've had to restart or help a colleague on that could've been helped by this.
Very capable tool, and useful in some cases. Does require security of the ptrace call to be unset (ptrace_scope
) or set to the default (insecure one).
I'm a big fan of using ptrace_scope to restrict PTRACE_ATTACH
to only allow parents (or grandparents, etc.) to attach to children. Quite useful - this particular security feature was unique to grsecurity and was good enough to be implemented in mainline (changed).
If you care about whether user processes should not be able to attach to other processes under the same UID, don't use it though!
Operating Systems
All things operating system related, from Windows to Mac to Linux distros and the more obscure.
Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.