diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-04-12 15:33:42 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-04-12 15:33:42 +0200 |
commit | b158f1d751b17acc1700fce9777d2b85ffa8e914 (patch) | |
tree | d010162076d1b77ba27de3b31e45a49bb7983a5e /gnu/build/activation.scm | |
parent | ce6fc7d6a5345fd1c28e1a59cca807e81244b3e2 (diff) |
system: Allow users to PTRACE_ATTACH to their own processes.
* gnu/build/activation.scm (activate-ptrace-attach): New procedure.
* gnu/system.scm (operating-system-activation-script): Use it.
Diffstat (limited to 'gnu/build/activation.scm')
-rw-r--r-- | gnu/build/activation.scm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 64c3410baf..0c60355a1c 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -30,6 +30,7 @@ activate-/bin/sh activate-modprobe activate-firmware + activate-ptrace-attach activate-current-system)) ;;; Commentary: @@ -335,6 +336,18 @@ by itself, without having to resort to a \"user helper\"." (lambda (port) (display directory port)))) +(define (activate-ptrace-attach) + "Allow users to PTRACE_ATTACH their own processes. + +This works around a regression introduced in the default \"security\" policy +found in Linux 3.4 onward that prevents users from attaching to their own +processes--see Yama.txt in the Linux source tree for the rationale. This +sounds like an unacceptable restriction for little or no security +improvement." + (call-with-output-file "/proc/sys/kernel/yama/ptrace_scope" + (lambda (port) + (display 0 port)))) + (define %current-system ;; The system that is current (a symlink.) This is not necessarily the same |