ptrace_syscall "operation not permitted"

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

ptrace_syscall "operation not permitted"

Postby ethan@plaxo.com » Tue Apr 01, 2003 12:29 pm

Hi all,
I'm having problems getting strace to run correctly. I've gone as far as disabling grsec's ACL's completely with 'gradm -D', but I stil get the above error. I'm trying to strace the /usr/bin/updatedb command to figure out why (since installing grsec) it's seg faulting.

I have relatively liberal ACL's, and a gradm -T shows the following:
/sbin/gradm -T /usr/bin/strace /usr/bin/updatedb
Allowed access for /usr/bin/updatedb from /usr/bin/strace:
Read: yes
Write: no
Append: no
Execute: yes
Hidden: no
Inherit ACL on exec: no
Read-only ptrace: no
Audit reads: no
Audit writes: no
Audit execs: no
Audit appends: no
Audit finds: no
Audit inherits: no

In the / acl I have enabled CAP_SYS_PTRACE.

Any ideas on how to fix this problem?
Thanks,
Ethan
ethan@plaxo.com
 
Posts: 9
Joined: Thu Mar 27, 2003 5:34 pm

Postby spender » Tue Apr 01, 2003 1:41 pm

It's not grsecurity causing the problem. I believe the new ptrace patch that is included in 1.9.9e caused that. I'm not aware of any workaround. If the ptrace patch causes problems where it shouldn't, they will (hopefully) be fixed before 2.4.21 final is released.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

ptrace_syscall "operation not permitted"

Postby ethan@plaxo.com » Tue Apr 01, 2003 2:32 pm

If the ptrace patch causes problems where it shouldn't, they will (hopefully) be fixed before 2.4.21 final is released.


So are you saying that this is a problem with the default Linux kernel? Is the ptrace patch included in a vanilla 2.4.20 kernel tarball?

Thanks,
Ethan
ethan@plaxo.com
 
Posts: 9
Joined: Thu Mar 27, 2003 5:34 pm

Postby spender » Tue Apr 01, 2003 2:35 pm

No, it's due to the ptrace patch that was released recently to fix the local root ptrace hole in linux <= 2.4.21-pre5. So, a default 2.4.20 kernel won't have the problem you're experiencing, but it will have an easily exploitable local hole.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby wwwhost » Wed Apr 23, 2003 8:38 am

hi all,
I have a similar problem afther upgrading to kernel 2.4.18-27.7.x

Using trace process (on a cPanel 6.2 server) i recive the following error:

trace: ptrace(PTRACE_SYSCALL, ...): Operation not permitted

not sure if this problem comes from the kernel it'selves....
wwwhost
 
Posts: 2
Joined: Wed Apr 23, 2003 8:30 am

Postby spender » Wed Apr 23, 2003 9:01 am

That kernel contains the same ptrace fix causing the problem above.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby wwwhost » Wed Apr 23, 2003 9:28 am

ah.. ok thank you for this info.
wwwhost
 
Posts: 2
Joined: Wed Apr 23, 2003 8:30 am


Return to grsecurity support