It’s so stupid there’s no good method that doesn’t somewhere require you to have done something with elevated permissions. I started the process and its parent, let me monitor the damn thing.
It doesn’t require you to have elevated privileges though. As mentioned in the article, since there is a predefined relationship between the supervisor and the supervised process, it does work with the default yama security policies for arbitrary UIDs. The same thing would be true for ptrace as well btw.
Huh, last time I looked into this I couldn’t find a solution that worked without at least creating a cgroup or setting some weird extended file permission or dealing with yama. I’ll have to try this.
That’s probably because the starter example in the Linux source tree uses two independent forks for convenience and destroys the predefined relationship in the process, meaning it does require such workarounds.
But in that example it doesn’t matter, because it intercepts mount which requires root anyway. You can easily avoid the extra fork though and that architecture allows it to work without yama policy changes.
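Added example, not code from this thread or from the article it discusses: a supervisor that stays the direct parent of the supervised process and reads that process's memory through /proc/<pid>/mem, an access that goes through the same kernel ptrace-access check Yama restricts. The helper name `supervise_and_peek` and the marker strings are constructed for illustration; it assumes Linux with kernel.yama.ptrace_scope set to 0 or 1 and runs as an ordinary user.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample data; the child overwrites its own copy after fork(). */
static char marker[32] = "parent-copy";
/* Hypothetical helper: fork one child, then read `marker` from the child's
 * memory via /proc/<pid>/mem. Returns 0 and fills out[32], or -1 on failure. */
int supervise_and_peek(char out[32])
{
    int ready[2], rc = -1;
    char c, path[64];
    if (pipe(ready) < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {                      /* supervised process */
        strcpy(marker, "child-secret");  /* private copy-on-write page */
        if (write(ready[1], "x", 1) != 1)
            _exit(1);
        pause();                         /* stay alive until the parent kills us */
        _exit(0);
    }
    close(ready[1]);   /* supervisor: still the direct parent, no extra fork */
    if (pid > 0 && read(ready[0], &c, 1) == 1) {  /* child has written */
        snprintf(path, sizeof(path), "/proc/%d/mem", (int)pid);
        int fd = open(path, O_RDONLY);   /* ptrace-access (Yama) check happens here */
        /* After fork() the child's marker sits at the same virtual address. */
        if (fd >= 0 && pread(fd, out, 32, (off_t)(unsigned long)marker) == 32)
            rc = 0;
        if (fd >= 0) close(fd);
    }
    close(ready[0]);
    if (pid > 0) {
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
    }
    return rc;
}

int main(void)
{
    char buf[32];
    int rc = supervise_and_peek(buf);
    puts(rc == 0 ? buf : "read failed (check yama ptrace_scope)");
    return rc != 0;
}
```

With ptrace_scope at 1, the same open() attempted from a sibling process instead of the parent is refused, which is the situation the extra fork creates.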