Home > Others

Ptrace_scope functions and settings

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Short answer: no practical danger yet, but read on for a better way... What's this PtraceThing anyway?

This is due to a bug in the Ubuntu kernel that prevents ptrace and Wine playing well together.

  • No, ptrace protection is a deliberate kernel security measure first introduced around Ubuntu 10.10. It'sNot a bug, And so isn' t going to be "fixed ".

  • In simple terms, the defaultptrace_scopeValue1Blocks one process from examining and modifying another processUnlessThe second process (child) was started by the first process (parent ).

  • This can cause problems with some programs under wine because of the waywineserverProvides "Windows Services" to these programs.

What are the risks in setting ptrace_scopeTo 0?

  • This restores the old behavior where one process can "trace" another process, even if there is no parent-child relationship.

  • In theory, a piece of malware can use this to harm you/your computer; e.g. it can attach to Firefox and log all of your URLs/passwords, etc. in practice this is extremely unlikely unless you blindly install binary Debs from random sites, etc.

  • As far as debugging goes,0Settings is in fact requiredgdb,strace, Etc. To attach to non-children unless you run them with elevated privileges (SUDO ).

What are the problems with the workaround?
  • The workaround is somewhat problematic becauseptrace_scopeIs a global value, and while it's set0, All processes on your system are exempt from the non-Child restriction.
  • If you use the workaround, put it in a simple bash script that enables it, runs your windows program and then disables (sets to 1) on exit.
    • Do notMakeptrace_scopeWorld-Writable (666) as the forum post recommends -- that is a huge security risk because now any process can change it at will!
Is there a better solution?

  • A better solution which is more secure and does not require repetively modifyingPtrace_scopeIs to grant wineserver ptrace capabilities.

    • In a terminal:

      sudo apt-get install libcap2-bin sudo setcap cap_sys_ptrace=eip /usr/bin/wineserversudo setcap cap_sys_ptrace=eip /usr/bin/wine-preloader

    • This exemptsWineserverAndWine-preloaderBinaries from the non-Child ptrace restriction, and allows them to ptrace any process.

    • It only needs to be done once, and is safer because these binaries are usually from a trusted source-the official repositories or the official wine PPA, so they aren't going to be malware.
If you're using crossover

Install libcap2:

sudo apt-get install libcap2-bin;

Then, add an exception for crossover:

sudo setcap cap_sys_ptrace=eip /opt/cxoffice/bin/wineserver;sudo setcap cap_sys_ptrace=eip /opt/cxoffice/bin/wine-preloader;

Finally, add its libraries to lD. so. conf (or you will get "error while loading shared libraries: libwine. so.1: cannot open shared object file: no such file or directory "):

echo /opt/cxoffice/lib/ | sudo tee /etc/ld.so.conf.d/crossover.confsudo /sbin/ldconfig

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
floor and ceiling functions sql commands and functions anchor parts and functions html tags and functions language structures and functions protocols and functions variables and functions

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More