Currently on Linux, after a signal has been raised, we use prctl to add PR_SET_DUMPABLE before handing off control to the user callback. This allows the current, or more importantly an external, process to use ptrace to gather information on the crashing process when e.g. writing a minidump. This flow is the same as Breakpad's.
However, this method is no longer guaranteed to work as newer distro releases are increasingly defaulting to increased security through things such as Yama. When ptrace_scope is set to 1, the default in some distros (e.g. Ubuntu 22.04), this will mean that a child process of the crashing process, which is how the libraries in this project are designed to work together, won't have ptrace permissions despite being dumpable.
We need to also set PR_SET_PTRACER so that the dumping process can have the permission, despite being a child (inferior) process of the crashing, parent, process. The simplest way to fix this would just be to use PR_SET_PTRACER_ANY, but we should add an option to the API to be able to explicitly set a PID for the one process which the user wants to allow to dump their parent process as well, if the user wants to be extra cautious.
Having just said that, this issue suggests it's not live as ubuntu-latest until December 1st!
However, I reproduced it here with the version listed as 20.04.1-Ubuntu SMP Thu Sep 1 19:20:56 UTC 2022 and it was subsequently fixed by adding PR_SET_PTRACER.
Maybe GitHub already had it locked down with ptrace_scope or do any of your tests suggest otherwise?
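The permission change discussed in this issue, as an added example that is not part of the thread or the project's code: a parent registers a forked child with PR_SET_PTRACER and the child probes whether it may attach. The names `allow_dumper` and `child_can_attach` are hypothetical, and PTRACE_SEIZE is used here only as a non-stopping probe of the attach permission check.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper for the crash handler; only prctl(), so signal-safe.
 * dumper > 0 allows that PID (and descendants); otherwise any process. */
int allow_dumper(pid_t dumper) {
    unsigned long who = dumper > 0 ? (unsigned long)dumper : PR_SET_PTRACER_ANY;
    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
        return -1;
    /* EINVAL: kernel has no Yama (nothing to lift) or the PID is not alive. */
    if (prctl(PR_SET_PTRACER, who, 0, 0, 0) != 0 && errno != EINVAL)
        return -1;
    return 0;
}

/* Fork a stand-in dumper that tries to attach to us, its parent.
 * Returns 1 if it attached, 0 if denied, -1 on setup error. */
int child_can_attach(int grant) {
    int gate[2], status;
    char go = 'g';
    if (pipe(gate) != 0)
        return -1;
    pid_t child = fork();
    if (child == 0) {
        close(gate[1]);
        if (read(gate[0], &go, 1) != 1)   /* wait for the parent's decision */
            _exit(2);
        /* PTRACE_SEIZE takes the same permission check as PTRACE_ATTACH but
         * does not stop the tracee; exiting detaches again. */
        _exit(ptrace(PTRACE_SEIZE, getppid(), NULL, NULL) == 0 ? 0 : 1);
    }
    close(gate[0]);
    int ready = child > 0 && (!grant || allow_dumper(child) == 0);
    if (ready && write(gate[1], &go, 1) != 1) ready = 0;
    close(gate[1]);                       /* EOF releases the child if !ready */
    if (child < 0 || waitpid(child, &status, 0) != child || !ready)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    int before = child_can_attach(0), after = child_can_attach(1);
    printf("without exception: %d, with PR_SET_PTRACER: %d\n", before, after);
    return 0;
}
```

With ptrace_scope set to 1 and no CAP_SYS_PTRACE, the first probe is denied and the second succeeds; with ptrace_scope 0 both succeed. Yama only consults the PR_SET_PTRACER exception in mode 1, so modes 2 and 3 are not relaxed by it.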