[tor-commits] [tor/master] Tweak disable_debugger_attachment a little

nickm at torproject.org nickm at torproject.org
Fri Nov 25 04:47:19 UTC 2011


commit 3508de3cd692b8e9567fd9ab64f88ace28e91ef2
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Nov 24 23:39:44 2011 -0500

    Tweak disable_debugger_attachment a little
    
    Don't warn when we have no implementation of this function (since it's
    on-by-default); reformat the changes entry; fix an overlong line.
---
 changes/disable_debugger_attachment |   24 +++++++++++++-----------
 src/or/config.c                     |   30 +++++++++++++++++++-----------
 2 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/changes/disable_debugger_attachment b/changes/disable_debugger_attachment
index 366f972..b413788 100644
--- a/changes/disable_debugger_attachment
+++ b/changes/disable_debugger_attachment
@@ -1,14 +1,16 @@
   o Minor features:
-    - If set to 1, Tor will attempt to prevent basic debugging attachment
-      attempts by other processes. It has no impact for users who wish to
-      attach if they have CAP_SYS_PTRACE or if they are root.  We believe that
-      this feature works on modern Gnu/Linux distributions, and that it may
-      also work on *BSD systems (untested).  Some modern Gnu/Linux systems such
-      as Ubuntu have the kernel.yama.ptrace_scope sysctl and by default enable
-      it as an attempt to limit the PTRACE scope for all user processes by
-      default. This feature will attempt to limit the PTRACE scope for Tor
-      specifically - it will not attempt to alter the system wide ptrace scope
-      as it may not even exist. If you wish to attach to Tor with a debugger
-      such as gdb or strace you will want to set this to 0 for the duration of
+    - If set to 1, Tor will attempt to prevent basic debugging
+      attachment attempts by other processes. It has no impact for
+      users who wish to attach if they have CAP_SYS_PTRACE or if they
+      are root.  We believe that this feature works on modern
+      Gnu/Linux distributions, and that it may also work on OSX and
+      some *BSD systems (untested).  Some modern Gnu/Linux systems
+      such as Ubuntu have the kernel.yama.ptrace_scope sysctl and by
+      default enable it as an attempt to limit the PTRACE scope for
+      all user processes by default. This feature will attempt to
+      limit the PTRACE scope for Tor specifically - it will not
+      attempt to alter the system wide ptrace scope as it may not even
+      exist. If you wish to attach to Tor with a debugger such as gdb
+      or strace you will want to set this to 0 for the duration of
       your debugging. Normal users should leave it on. (Default: 1)
 
diff --git a/src/or/config.c b/src/or/config.c
index b8ff6e8..a424637 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -40,19 +40,19 @@
 #include <shlobj.h>
 #endif
 
-#include "procmon.h"
-
-/* From main.c */
-extern int quiet_level;
-
 /* Includes for the process attaching prevention */
 #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
-#include <sys/prctl.h> 
+#include <sys/prctl.h>
 #elif defined(__APPLE__)
 #include <sys/types.h>
 #include <sys/ptrace.h>
 #endif
 
+#include "procmon.h"
+
+/* From main.c */
+extern int quiet_level;
+
 /** Enumeration of types which option values can take */
 typedef enum config_type_t {
   CONFIG_TYPE_STRING = 0,   /**< An arbitrary string. */
@@ -703,25 +703,33 @@ get_dirportfrontpage(void)
  * attach to the Tor process.
 */
 /** Attempt to disable debugger attachment. */
-static int tor_disable_debugger_attach(void) {
-    int r;
+static int
+tor_disable_debugger_attach(void)
+{
+    int r, attempted;
     r = -1;
+    attempted = 0;
     log_debug(LD_CONFIG,
-    "Attemping to disable debugger attachment to Tor for unprivileged users.");
+              "Attemping to disable debugger attachment to Tor for "
+              "unprivileged users.");
 #if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL)
 #ifdef PR_SET_DUMPABLE
+    attempted = 1;
     r = prctl(PR_SET_DUMPABLE, 0);
 #endif
 #endif
 #if defined(__APPLE__) && defined(PT_DENY_ATTACH)
-    r = ptrace(PT_DENY_ATTACH, 0, 0, 0);
+    if (r < 0) {
+      attempted = 1;
+      r = ptrace(PT_DENY_ATTACH, 0, 0, 0);
+    }
 #endif
 
 // XXX: TODO - Mac OS X has dtrace and this may be disabled - implement it here
 // XXX: TODO - Windows probably has something similar - implement it here
     if (r == 0) {
       log_debug(LD_CONFIG,"Debugger attachment disabled for unprivileged users.");
-    } else {
+    } else if (attempted) {
       log_warn(LD_CONFIG, "Unable to disable ptrace attach: %s",
                           strerror(errno));
     }





More information about the tor-commits mailing list