Re: [PATCH] ptrace: it is fun to strace /sbin/init

[Oleg Nesterov]

On 03/24, Andrew Morton wrote:
>
> On Sun, 23 Mar 2008 16:51:10 +0300
> Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> 
> > Ptracing of /sbin/init is not allowed. Of course, this is dangerous, but may
> > be useful. Introduce the kernel boot parameter to allow this, so that we can't
> > surprise some special/secured systems.
> 
> I dunno, is this really needed?

Well, this is the question. I think it would be very nice to have the ability
to debug/strace init. Especially if you try to make your own distribution /
your own init.

Sometimes I see init at the top of the top's output, with this patch I have a
chance to see what's going on on my system.

> If root wants to screw up his kernel then
> he is free to do so.

I think you and Pavel are very wrong here.

First, this has nothing to do with kernel, imho. Afaics, now there are no kernel
problems with ptracing init.

And. When I was admin in my previous life, I certainly was not able to patch
the kernel and then strace/debug init.

> And if we *really* want an extra foot-protector for this, it could be a
> runtime /proc/sys/kernel/root-can-shoot-inits-foot rather than a boot-time
> option?

Even better! I agree, will re-send. I choose the boot-time paramater because
it looks like the "most safe" option.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/