authorAvatar Ali Polatel <alip@exherbo.org> 2013-09-21 09:28:03 +0300
committerAvatar Ali Polatel <alip@exherbo.org> 2013-09-21 09:30:53 +0300
commita1fc5bafdae976f4a8ed7a9bef7876be6eceb65d (patch)
tree75e09b46d299aa5f77a90b71509e20c4fddc7ca3
parent9ba6871e9d48a5dfe7e20436214ac5f6c668cbd4 (diff)
downloadsydbox-1-a1fc5bafdae976f4a8ed7a9bef7876be6eceb65d.tar.gz
sydbox-1-a1fc5bafdae976f4a8ed7a9bef7876be6eceb65d.tar.xz
pinktrace: new option PINK_TRACE_OPTION_EXITKILL
This option is supported on Linux-3.8 or newer and is used to send a SIGKILL to all tracees when the tracer exits.
-rw-r--r--configure.ac2
-rw-r--r--pinktrace/system.h.in7
-rw-r--r--pinktrace/trace.c8
-rw-r--r--pinktrace/trace.h11
4 files changed, 28 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index a6ccf5c..fe9507f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -365,6 +365,7 @@ AC_CHECK_DECL([PTRACE_O_TRACEEXEC], [PINK_HAVE_OPTION_EXEC=1], [PINK
AC_CHECK_DECL([PTRACE_O_TRACEVFORKDONE], [PINK_HAVE_OPTION_VFORKDONE=1], [PINK_HAVE_OPTION_VFORKDONE=0], [include_ptrace_h])
AC_CHECK_DECL([PTRACE_O_TRACEEXIT], [PINK_HAVE_OPTION_EXIT=1], [PINK_HAVE_OPTION_EXIT=0], [include_ptrace_h])
AC_CHECK_DECL([PTRACE_O_TRACESECCOMP], [PINK_HAVE_OPTION_SECCOMP=1], [PINK_HAVE_OPTION_SECCOMP=0], [include_ptrace_h])
+AC_CHECK_DECL([PTRACE_O_EXITKILL], [PINK_HAVE_OPTION_EXITKILL=1], [PINK_HAVE_OPTION_EXITKILL=0], [include_ptrace_h])
AC_CHECK_DECL([PTRACE_EVENT_FORK], [PINK_HAVE_EVENT_FORK=1], [PINK_HAVE_EVENT_FORK=0], [include_ptrace_h])
AC_CHECK_DECL([PTRACE_EVENT_VFORK], [PINK_HAVE_EVENT_VFORK=1], [PINK_HAVE_EVENT_VFORK=0], [include_ptrace_h])
AC_CHECK_DECL([PTRACE_EVENT_CLONE], [PINK_HAVE_EVENT_CLONE=1], [PINK_HAVE_EVENT_CLONE=0], [include_ptrace_h])
@@ -414,6 +415,7 @@ AC_SUBST([PINK_HAVE_OPTION_EXEC])
AC_SUBST([PINK_HAVE_OPTION_VFORKDONE])
AC_SUBST([PINK_HAVE_OPTION_EXIT])
AC_SUBST([PINK_HAVE_OPTION_SECCOMP])
+AC_SUBST([PINK_HAVE_OPTION_EXITKILL])
AC_SUBST([PINK_HAVE_EVENT_FORK])
AC_SUBST([PINK_HAVE_EVENT_VFORK])
AC_SUBST([PINK_HAVE_EVENT_CLONE])
diff --git a/pinktrace/system.h.in b/pinktrace/system.h.in
index 589d520..a770909 100644
--- a/pinktrace/system.h.in
+++ b/pinktrace/system.h.in
@@ -123,6 +123,13 @@
* @see pink_trace_setup()
**/
#define PINK_HAVE_OPTION_SECCOMP @PINK_HAVE_OPTION_SECCOMP@
+/**
+ * Define to 1 if #PINK_TRACE_OPTION_EXITKILL is supported, 0 otherwise
+ *
+ * @note This option is supported on Linux-3.8 and newer.
+ * @see pink_trace_setup()
+ **/
+#define PINK_HAVE_OPTION_EXITKILL @PINK_HAVE_OPTION_EXITKILL@
/**
* Define to 1 if pink_trace_setup() is supported, 0 otherwise
diff --git a/pinktrace/trace.c b/pinktrace/trace.c
index cc8b0fc..4200e98 100644
--- a/pinktrace/trace.c
+++ b/pinktrace/trace.c
@@ -207,6 +207,14 @@ int pink_trace_setup(pid_t pid, int options)
#endif
}
+ if (options & PINK_TRACE_OPTION_EXITKILL) {
+#if PINK_HAVE_OPTION_EXITKILL
+ ptrace_options |= PTRACE_O_EXITKILL;
+#else
+ return -EINVAL;
+#endif
+ }
+
return pink_ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)ptrace_options, NULL);
#else
return -ENOSYS;
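Review bot: The `#if PINK_HAVE_OPTION_EXITKILL` guard in the new branch only reflects whether the build headers declare `PTRACE_O_EXITKILL`; it says nothing about the kernel the library ends up running on. On a kernel older than 3.8 the `PTRACE_SETOPTIONS` call after the branch should be rejected with EINVAL for the whole mask, so none of the requested options take effect, and the caller presumably sees the same error code as in the compile-time case. For a sandboxing tracer that is worth stating above the branch, e.g. `/* -EINVAL: EXITKILL missing at build time or rejected by the running kernel; no options were applied, so the caller must retry without it or stop the tracee */`. pink_trace_setup() starts and ends outside this hunk, so how its callers treat a failed setup is not visible here.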
diff --git a/pinktrace/trace.h b/pinktrace/trace.h
index 6732fbc..609d388 100644
--- a/pinktrace/trace.h
+++ b/pinktrace/trace.h
@@ -130,6 +130,17 @@
#define PINK_TRACE_OPTION_SECCOMP (1 << 7)
/**
+ * This define represents the trace option EXITKILL.
+ * If this flag is set in the options argument of pink_trace_setup(), a SIGKILL
+ * signal will be sent to every tracee if the tracer exits. This option is
+ * useful for ptrace jailers that want to ensure that tracees can never escape
+ * the tracer's control.
+ *
+ * @see PINK_HAVE_OPTION_EXITKILL
+ **/
+#define PINK_TRACE_OPTION_EXITKILL (1 << 8)
+
+/**
* Wrapper function for @e ptrace(2) function, addressing oddities.
*
* @param req Ptrace request
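Review bot: The new doc comment says tracees "can never escape the tracer's control", which is more than the flag gives: the kill applies only to tracees on which pink_trace_setup() succeeded with this bit set, and only when the tracer exits. The comment also leaves out the kernel requirement that the matching text in system.h.in carries, and the error returned when the option is unavailable. I would add `@note This option is supported on Linux-3.8 and newer.` plus `pink_trace_setup() returns -EINVAL if the option is not supported.`, and soften the last sentence to `useful for ptrace jailers that do not want tracees to outlive the tracer`.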