kernel-packages team mailing list archive
Message #163919
[Bug 1551894] Re: linux: ADT test failures with 4.4.0-9.X
Hrm, this looks like it might be a legit regression. 4.4.0-8 passes the
test, while 4.4.0-9.X is failing. In both instances,
/proc/sys/kernel/yama/ptrace_scope is set to 1. It looks like cousin
processes are allowed to ptrace each other, which yama's ptrace
restrictions should prevent.
Looking at the git commits between tags Ubuntu-4.4.0-8.23 and
Ubuntu-4.4.0-9.24, the following commits stand out as being ptrace
relevant:

  commit 969624b7c1c8c9784651eb97431e6f2bbb7a024c
  Author: Jann Horn <jann@xxxxxxxxx>
  Date: Wed Jan 20 15:00:04 2016 -0800

      ptrace: use fsuid, fsgid, effective creds for fs access checks

      upstream commit caaee6234d05a58c5b4d05e7bf766131b810a657 upstream.

and

  commit a76b8ce7ad1f65a96638f161ff83075de04ec9cc
  Author: Jann Horn <jann@xxxxxxxxx>
  Date: Sat Dec 12 21:12:41 2015 +0100

      UBUNTU: SAUCE: (noup) ptrace: being capable wrt a process requires mapped uids/gids

      upstream reference https://lkml.org/lkml/2015/12/12/259

But it's not obvious to me why either commit would break this.
** Summary changed:
- linux: ADT test failures with 4.4.0-9.X
+ linux: 4.4.0-9.X fails yama ptrace restrictions tests
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1551894
Title:
linux: 4.4.0-9.X fails yama ptrace restrictions tests
Status in linux package in Ubuntu:
Incomplete
Bug description:
15:55:46 ERROR| [stderr] FAIL: test_093_ptrace_restriction (__main__.KernelSecurityTest)
15:55:46 ERROR| [stderr] ptrace allowed only on children or declared processes
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1551894/+subscriptions
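A minimal check for the behaviour discussed in the message above, as an added example that is not part of the original post or of the Ubuntu test suite: two sibling processes are forked, one attempts PTRACE_ATTACH on the other, and the result is compared with the ptrace_scope setting. The function names are hypothetical, and treating euid 0 as a stand-in for CAP_SYS_PTRACE is an assumption.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Current Yama mode (0-3), or -1 if the sysctl cannot be read. */
int read_ptrace_scope(void) {
    int scope = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f && fscanf(f, "%d", &scope) != 1) scope = -1;
    if (f) fclose(f);
    return scope;
}

/* Fork two siblings (neither is an ancestor of the other); one tries to attach.
 * Returns 1 if the attach succeeded, 0 if it failed with EPERM, -1 otherwise. */
int sibling_attach_allowed(void) {
    int status = 0;
    pid_t target = fork();
    if (target < 0) return -1;
    if (target == 0) { for (;;) pause(); }   /* target idles until killed */
    pid_t tracer = fork();
    if (tracer == 0)                         /* kernel detaches when the tracer exits */
        _exit(ptrace(PTRACE_ATTACH, target, NULL, NULL) == 0 ? 1
              : (errno == EPERM ? 0 : 2));
    if (tracer > 0) waitpid(tracer, &status, 0);
    kill(target, SIGKILL);
    waitpid(target, NULL, 0);
    if (tracer < 0 || !WIFEXITED(status) || WEXITSTATUS(status) > 1) return -1;
    return WEXITSTATUS(status);
}

/* 1 = restriction not enforced, 0 = expected behaviour, -1 = inconclusive.
 * A privileged caller bypasses Yama, so its result says nothing (assumption:
 * the caller passes geteuid() == 0 as an approximation of CAP_SYS_PTRACE). */
int yama_regression(int scope, int attach_allowed, int privileged) {
    if (scope < 0 || attach_allowed < 0 || privileged) return -1;
    if (scope == 0) return 0;                /* classic rules: attach is expected */
    return attach_allowed ? 1 : 0;
}

int main(void) {
    int r = yama_regression(read_ptrace_scope(), sibling_attach_allowed(),
                            geteuid() == 0);
    printf("yama sibling-attach check: %d\n", r);
    return r == 1;
}
```

Run it as an unprivileged user; an exit status of 1 with ptrace_scope set to 1 corresponds to the failure reported in this bug.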