[Bug 1221763] New: ptrace(PTRACE_ATTACH) fails on processes of the same user
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763 Bug ID: 1221763 Summary: ptrace(PTRACE_ATTACH) fails on processes of the same user Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Major Priority: P5 - None Component: Kernel Assignee: kernel-bugs@opensuse.org Reporter: giuliano.belinassi@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Recent updates of tumbleweed broke `ptrace(PTRACE_ATTACH, ...)` when attaching to a process from the same user. This breaks attaching a debugger (gdb) to a process and userspace livepatching. A single line reproducer in a clean system is: ``` $ sleep 5000 & gdb -p $(pidof sleep) ``` If you see the following message: ``` Attaching to process 12606 ptrace: Operation not permitted. ``` This means ptrace is not working. As a contrast, running gdb with sudo works as intended. Value of /proc/sys/kernel/yama/ptrace_scope: ``` $ cat /proc/sys/kernel/yama/ptrace_scope 1 ``` -- You are receiving this mail because: You are the assignee for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c1
--- Comment #1 from Giuliano Belinassi
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c2
Michael Matz
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c3
--- Comment #3 from Jiri Slaby
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c4
Jiri Slaby
Recent updates of tumbleweed broke `ptrace(PTRACE_ATTACH, ...)` when attaching to a process from the same user. This breaks attaching a debugger (gdb) to a process and userspace livepatching. A single line reproducer in a clean system is:
``` $ sleep 5000 & gdb -p $(pidof sleep) ```
If you see the following message:
``` Attaching to process 12606 ptrace: Operation not permitted. ``` This means ptrace is not working. As a contrast, running gdb with sudo works as intended.
Value of /proc/sys/kernel/yama/ptrace_scope: ``` $ cat /proc/sys/kernel/yama/ptrace_scope 1 ```
So this actually works as expected and was supposed to work like this forever. Could you clarify what "Recent updates of tumbleweed" broke this? -- You are receiving this mail because: You are the assignee for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c5
Tom de Vries
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c6
--- Comment #6 from Martin Jambor
Could you clarify what "Recent updates of tumbleweed" broke this?
I'm not sure if it helps but the most recent TW that I can find where /proc/sys/kernel/yama/ptrace_scope still defaults to 0 is "20240209." For example TW with version "20240218" already defaults to 1. -- You are receiving this mail because: You are the assignee for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c7
--- Comment #7 from Jiri Slaby
(In reply to Jiri Slaby from comment #4)
Could you clarify what "Recent updates of tumbleweed" broke this?
I'm not sure if it helps but the most recent TW that I can find where /proc/sys/kernel/yama/ptrace_scope still defaults to 0 is "20240209." For example TW with version "20240218" already defaults to 1.
Do you switch between snapshots or only kernels? 1 is the default for over a decade in the kernel. Maybe we used to set it in some package to 0 in /usr/lib/sysctl.d? Could you: grep -r ptrace_scope /usr/lib/sysctl* /etc/sysctl* in 20240209? -- You are receiving this mail because: You are the assignee for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1221763
https://bugzilla.suse.com/show_bug.cgi?id=1221763#c8
Jiri Slaby
participants (1)
-
bugzilla_noreply@suse.com