From: Denys Vlasenko Date: Fri, 28 Jun 2013 16:57:27 +0000 (+0200) Subject: sys_clone: add a comment about CLONE_PTRACE and CLONE_UNTRACED X-Git-Tag: v4.9~212 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d083016e03e8511c808e8f65305726a523c03e9a;p=strace sys_clone: add a comment about CLONE_PTRACE and CLONE_UNTRACED No code changes. Signed-off-by: Denys Vlasenko --- diff --git a/process.c b/process.c index 799a314d..e2fa25b6 100644 --- a/process.c +++ b/process.c @@ -569,6 +569,18 @@ sys_clone(struct tcb *tcp) if (flags & (CLONE_CHILD_SETTID|CLONE_CHILD_CLEARTID)) tprintf(", child_tidptr=%#lx", tcp->u_arg[ARG_CTID]); } + /* TODO on syscall entry: + * We can clear CLONE_PTRACE here since it is an ancient hack + * to allow us to catch children, and we use another hack for that. + * But CLONE_PTRACE can conceivably be used by malicious programs + * to subvert us. By clearing this bit, we can defend against it: + * in untraced execution, CLONE_PTRACE should have no effect. + * + * We can also clear CLONE_UNTRACED, since it allows to start + * children outside of our control. At the moment + * I'm trying to figure out whether there is a *legitimate* + * use of this flag which we should respect. + */ return 0; }
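Review bot: The TODO proposes rewriting the clone flags on syscall entry, but the code this hunk sits in only decodes the flags on exit, so the comment should say explicitly that the flags printed to the user must remain the ones the program passed, not the rewritten ones, and that clearing bits in the argument register requires an architecture-specific register write, which is why it stays a TODO here rather than a one-line change. The comment would also read better if it named the mechanism it is worried about: CLONE_UNTRACED defeats the auto-attach strace relies on for new children, which is the concrete sense in which it "allows to start children outside of our control". Minor style point: "allows to start children" should be "allows the program to start children".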