I've attached a wrapper program that should allow this and only this.
Without filesystem capabilities (2.3 stuff), you'll have to make do with
some sort of wrapper. You'll need to make this wrapper setuid root.
[morgan@morgan-home olx]$ strace -p 189
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
[morgan@morgan-home olx]$ strace_all -p 189
bash: strace_all: command not found
[morgan@morgan-home olx]$ ./strace_all -p 189
oldselect(20, [4 5], NULL, NULL, NULL
(Take a look at /proc/<strace_all_pid>/status to convince yourself that
this works.)
Cheers
Andrew
PS. I'm at a loss to say what has happened to the FAQ. Astor?
peeterj@ca.ibm.com wrote:
>
> Hi Andrew,
>
> I was looking into the use of linux capabilities to allow debugging of
> setuid root programs by allowing cap_sys_ptrace.
>
> I have built and installed libcap on a machine running 2.2, but now that I
> have done so I am not exactly sure how to go about allowing selective
> ptrace. The first place I looked into was the faq, but the link
> (ftp://ftp.guardian.no/pub/free/linux/capabilities/capfaq.txt) seems to be
> dead. Do you know of an updated url?
>
> The reason that I want to do this is because Linux seems to not allow
> debugging of a suid root program even after dropping all root authorities
> (even after calling ALL of set[ug]id, sete[ug]id, and setre[ug]id to not
> root group and id). However, we need to allow our programmers to debug and
> don't neccessarily want to start passing out the root password all over the
> place.
>
> By cc to any kernel developers, is this ptrace behaviour a linux bug, and
> if not what is the rational (is more needed then dropping the root
> uid/gid?).
>
> Peeter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/