Allow users to debug their processes #119
Merged
+11
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ubuntu restricts ptrace by default, and only allows a process to debug its own child processes. This is limiting the ability of developers to use the dev desktops to analyze and debug their work. The default scope for ptrace has been changed to `0`, allowing users to debug their own processes. This carries with it the risk that malicious code can interact with any process that a user created. We deem this to be acceptable in this specific use case, as the dev desktops are intended to be used only for the development of Rust and have, by design, no user data or credentials that could be extracted.
jdno
commented
Sep 22, 2022
| @@ -172,3 +179,18 @@ | |||
| src: sudoers | |||
| dest: /etc/sudoers.d/dev-desktop | |||
| mode: 0440 | |||
|
|
|||
| - name: Reboot to apply sysctl changes | |||
There was a problem hiding this comment.
I am not sure if rebooting as part of the role can cause issues with existing workflows. A reboot is definitely required after changing kernel.yama.ptrace_scope, but maybe there is a better way to ensure that it happens.
(This will also come up with the quotas, since they require a restart as well to enable the feature.)
There was a problem hiding this comment.
Can we do the reboot with a handler? That way if multiple steps require a reboot we only do it once.
There was a problem hiding this comment.
There is also a reboot module.
There was a problem hiding this comment.
Oh my. The module is so nice. Role has been updated to use a handler and the module. 👍
pietroalbini
approved these changes
Sep 30, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ubuntu restricts ptrace by default, and only allows a process to debug its own child processes. This is limiting the ability of developers to use the dev desktops to analyze and debug their work.
The default scope for ptrace has been changed to
0, allowing users to debug their own processes. This carries with it the risk that malicious code can interact with any process that a user created. We deem this to be acceptable in this specific use case, as the dev desktops are intended to be used only for the development of Rust and have, by design, no user data or credentials that could be extracted.Requested in #113