From 2013be14f216081e3ea62b98b79c4ce3e2f17bfa Mon Sep 17 00:00:00 2001 From: Bobby Powers Date: Sun, 24 Sep 2017 17:30:41 -0400 Subject: [PATCH 1/2] ptrace: add PTRACE_O_EXITKILL option It is a somewhat newer option -- it requires Linux 3.8. --- src/sys/ptrace.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/sys/ptrace.rs b/src/sys/ptrace.rs index 64b523c3f5..43a78862a0 100644 --- a/src/sys/ptrace.rs +++ b/src/sys/ptrace.rs @@ -116,6 +116,10 @@ libc_bitflags! { /// Stop tracee when a SECCOMP_RET_TRACE rule is triggered. See `man seccomp` for more /// details. PTRACE_O_TRACESECCOMP; + /// Send a SIGKILL to the tracee if the tracer exits. This is useful + /// for ptrace jailers to prevent tracees from escaping their control. + #[cfg(any(target_os = "android", target_os = "linux"))] + PTRACE_O_EXITKILL; } } From 313d2e3b809f756686d9423d4204efe3b317c84d Mon Sep 17 00:00:00 2001 From: Bobby Powers Date: Mon, 30 Oct 2017 10:53:50 -0400 Subject: [PATCH 2/2] doc: add changelog entry for PTRACE_O_EXITKILL --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13a7104b8a..0f2d075494 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,8 @@ This project adheres to [Semantic Versioning](http://semver.org/). ([#768](https:://github.com/nix-rust/nix/pull/768)) - Added `nix::unistd::mkfifo`. ([#602](https://github.com/nix-rust/nix/pull/774)) +- Added `ptrace::Options::PTRACE_O_EXITKILL` on Linux and Android. + ([#771](https://github.com/nix-rust/nix/pull/771)) ### Changed - Renamed existing `ptrace` wrappers to encourage namespacing ([#692](https://github.com/nix-rust/nix/pull/692))
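Review bot: In the `src/sys/ptrace.rs` hunk, the doc comment on `PTRACE_O_EXITKILL` leaves out the Linux 3.8 requirement that the commit message states. A user reading the generated docs will not see the commit message, so add a line such as `/// Requires Linux 3.8 or later.` so it is clear why setting the option can fail on an older kernel. Since the comment recommends the flag to ptrace jailers, it is also worth saying that the protection only applies once the option has actually been set on the tracee, so a jailer should check the result of setting it and not assume it took effect. Separately, the `#[cfg(any(target_os = "android", target_os = "linux"))]` attribute appears only on this entry in the visible context; `PTRACE_O_TRACESECCOMP` directly above has none, so please confirm whether the attribute is needed here or whether the gating should match the neighbouring flags.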
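Review bot: In the `CHANGELOG.md` hunk, the new `PTRACE_O_EXITKILL` entry says "on Linux and Android" but does not carry the Linux 3.8 requirement from the message of patch 1/2; adding "(requires Linux 3.8)" to the entry would put that constraint where users look before upgrading. The unchanged context lines around the addition also show two link problems worth a follow-up: the `#768` link is written `https:://github.com/...` with a doubled colon, and the `mkfifo` entry is labelled `#602` while its URL points at `/pull/774`. Neither is introduced by this patch, but both are visible in the hunk and easy to fix in the same series or a separate one.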