profiles/ist/shell: Use classic ptrace permissions

André Breda requested to merge ist189409/nixrnl:permissive_ptrace into master

Description of changes

Machines using profiles.ist.shell have student end-users who regularly need to debug their own code. There are many techniques to accomplish this, one of them being attaching a debugger like gdb to a running process to inspect its state, which particularly suits hard-to-reproduce bugs.

However, the current configuration negates almost all uses of this technique because it restricts ptrace(PTRACE_ATTACH, ...) syscalls to situations where the debugger process is the (grand?)father of the debuggee.

This MR lifts this restriction, returning ptrace to its original default where any process can debug any other as long as they belong to the same user.

Things done

  • Tested
  • Updated documentation (Wiki/NetBox)
  • Breaking change
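
The two policies contrasted in the description (attach only to descendants versus attach to any process of the same user), as an added example that is not part of the merge request or the nixrnl code. It assumes the restriction in question is the Yama LSM's `kernel.yama.ptrace_scope` sysctl, which the page does not name; the function names are hypothetical, and the model ignores `PR_SET_PTRACER` exceptions, the dumpable flag and other LSMs.

```shell
#!/usr/bin/env bash
# Added example (not from the merge request). Predicts whether a
# PTRACE_ATTACH would pass Yama's kernel.yama.ptrace_scope policy.
# Assumption: root (uid 0) stands in for CAP_SYS_PTRACE.

# Read one column of a /proc/PID/status field; prints nothing if the PID is gone.
proc_field() {  # proc_field PID FIELD COLUMN
  awk -v f="$2:" -v c="$3" '$1 == f { print $c }' "/proc/$1/status" 2>/dev/null || true
}

# Succeeds if TRACER is a (grand)parent of TARGET, walking PPid links.
is_ancestor() {  # is_ancestor TRACER TARGET
  local pid
  pid=$(proc_field "$2" PPid 2)
  while [ -n "$pid" ] && [ "$pid" -gt 0 ]; do
    [ "$pid" -eq "$1" ] && return 0
    pid=$(proc_field "$pid" PPid 2)
  done
  return 1
}

# Succeeds if the attach would be permitted under SCOPE (0-3).
ptrace_attach_allowed() {  # ptrace_attach_allowed SCOPE TRACER TARGET
  local scope="$1" tracer="$2" target="$3" tuid duid
  tuid=$(proc_field "$tracer" Uid 2)   # real uid of the would-be debugger
  duid=$(proc_field "$target" Uid 2)   # real uid of the debuggee
  [ -n "$tuid" ] && [ -n "$duid" ] || return 1   # a PID vanished
  case "$scope" in
    3) return 1 ;;                     # no attach at all
    2) [ "$tuid" -eq 0 ] ;;            # admin-only attach
    1) [ "$tuid" -eq 0 ] ||            # restricted: same user AND ancestor
         { [ "$tuid" -eq "$duid" ] && is_ancestor "$tracer" "$target"; } ;;
    0) [ "$tuid" -eq 0 ] || [ "$tuid" -eq "$duid" ] ;;   # classic: same user
    *) return 2 ;;                     # unknown scope value
  esac
}

# Print the live setting, or "unavailable" when Yama is not enabled.
current_scope() {
  cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null || echo "unavailable"
}
```

For a non-root user, `ptrace_attach_allowed 1 <gdb-pid> <target-pid>` fails for a process started from another terminal, which is the `gdb -p` case the description refers to; with scope `0` the same call succeeds.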
