commit 3508de3cd692b8e9567fd9ab64f88ace28e91ef2 Author: Nick Mathewson <nickm@torproject.org> Date: Thu Nov 24 23:39:44 2011 -0500 Tweak disable_debugger_attachment a little Don't warn when we have no implementation of this function (since it's on-by-default); reformat the changes entry; fix an overlong line. --- changes/disable_debugger_attachment | 24 +++++++++++++----------- src/or/config.c | 30 +++++++++++++++++++----------- 2 files changed, 32 insertions(+), 22 deletions(-) diff --git a/changes/disable_debugger_attachment b/changes/disable_debugger_attachment index 366f972..b413788 100644 --- a/changes/disable_debugger_attachment +++ b/changes/disable_debugger_attachment @@ -1,14 +1,16 @@ o Minor features: - - If set to 1, Tor will attempt to prevent basic debugging attachment - attempts by other processes. It has no impact for users who wish to - attach if they have CAP_SYS_PTRACE or if they are root. We believe that - this feature works on modern Gnu/Linux distributions, and that it may - also work on *BSD systems (untested). Some modern Gnu/Linux systems such - as Ubuntu have the kernel.yama.ptrace_scope sysctl and by default enable - it as an attempt to limit the PTRACE scope for all user processes by - default. This feature will attempt to limit the PTRACE scope for Tor - specifically - it will not attempt to alter the system wide ptrace scope - as it may not even exist. If you wish to attach to Tor with a debugger - such as gdb or strace you will want to set this to 0 for the duration of + - If set to 1, Tor will attempt to prevent basic debugging + attachment attempts by other processes. It has no impact for + users who wish to attach if they have CAP_SYS_PTRACE or if they + are root. We believe that this feature works on modern + Gnu/Linux distributions, and that it may also work on OSX and + some *BSD systems (untested). Some modern Gnu/Linux systems + such as Ubuntu have the kernel.yama.ptrace_scope sysctl and by + default enable it as an attempt to limit the PTRACE scope for + all user processes by default. This feature will attempt to + limit the PTRACE scope for Tor specifically - it will not + attempt to alter the system wide ptrace scope as it may not even + exist. If you wish to attach to Tor with a debugger such as gdb + or strace you will want to set this to 0 for the duration of your debugging. Normal users should leave it on. (Default: 1) diff --git a/src/or/config.c b/src/or/config.c index b8ff6e8..a424637 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -40,19 +40,19 @@ #include <shlobj.h> #endif -#include "procmon.h" - -/* From main.c */ -extern int quiet_level; - /* Includes for the process attaching prevention */ #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__) -#include <sys/prctl.h> +#include <sys/prctl.h> #elif defined(__APPLE__) #include <sys/types.h> #include <sys/ptrace.h> #endif +#include "procmon.h" + +/* From main.c */ +extern int quiet_level; + /** Enumeration of types which option values can take */ typedef enum config_type_t { CONFIG_TYPE_STRING = 0, /**< An arbitrary string. */ @@ -703,25 +703,33 @@ get_dirportfrontpage(void) * attach to the Tor process. */ /** Attempt to disable debugger attachment. */ -static int tor_disable_debugger_attach(void) { - int r; +static int +tor_disable_debugger_attach(void) +{ + int r, attempted; r = -1; + attempted = 0; log_debug(LD_CONFIG, - "Attemping to disable debugger attachment to Tor for unprivileged users."); + "Attemping to disable debugger attachment to Tor for " + "unprivileged users."); #if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL) #ifdef PR_SET_DUMPABLE + attempted = 1; r = prctl(PR_SET_DUMPABLE, 0); #endif #endif #if defined(__APPLE__) && defined(PT_DENY_ATTACH) - r = ptrace(PT_DENY_ATTACH, 0, 0, 0); + if (r < 0) { + attempted = 1; + r = ptrace(PT_DENY_ATTACH, 0, 0, 0); + } #endif // XXX: TODO - Mac OS X has dtrace and this may be disabled - implement it here // XXX: TODO - Windows probably has something similar - implement it here if (r == 0) { log_debug(LD_CONFIG,"Debugger attachment disabled for unprivileged users."); - } else { + } else if (attempted) { log_warn(LD_CONFIG, "Unable to disable ptrace attach: %s", strerror(errno)); }