| author | Jonathon Reinhart <jrreinhart@google.com> | 2025-09-24 15:23:13 +0000 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2025-10-05 21:49:19 +0200 |
| commit | cac61082e454b74fc90d08cddb162fb871eb4bbd (patch) | |
| tree | a390998c85979e8b57d120c4f48c69a926cf1c9d | |
| parent | 1a825490f70e92b23de07b5179dc79e4f82a92a3 (diff) | |
| download | man-pages-cac61082e454b74fc90d08cddb162fb871eb4bbd.tar.gz | |

man/man7/capabilities.7: Expand CAP_SYS_PTRACE to include /proc

CAP_SYS_PTRACE is required (via ptrace_may_access) for accessing various
things in /proc, so include it in the CAP_SYS_PTRACE bullet list.
Also, add a hint that other things throughout the kernel may check this
via ptrace_may_access().

Signed-off-by: Jonathon Reinhart <jrreinhart@google.com>
Message-ID: <20250924152313.1902586-1-jrreinhart@google.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

| -rw-r--r-- | man/man7/capabilities.7 | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/man/man7/capabilities.7 b/man/man7/capabilities.7 index f8b389f1ed..54f663d7b6 100644 --- a/man/man7/capabilities.7 +++ b/man/man7/capabilities.7 @@ -625,6 +625,15 @@ Use Trace arbitrary processes using .BR ptrace (2); .IP \[bu] +inspect sensitive information of other processes via +.I /proc +(e.g., reading +.IR /proc/ pid /maps , +.IR /proc/ pid /mem , +or reading symbolic links +.IR /proc/ pid /exe , +.IR /proc/ pid /fd/* ); +.IP \[bu] apply .BR get_robust_list (2) to arbitrary processes; @@ -635,7 +644,12 @@ and .BR process_vm_writev (2); .IP \[bu] inspect processes using -.BR kcmp (2). +.BR kcmp (2); +.IP \[bu] +perform other privileged process-inspection and debugging operations. +(See uses of the +.IR ptrace_may_access () +kernel function.) .RE .PD .TP |
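
Review bot: In the first hunk (@@ -625,6 +625,15 @@), the new bullet says "of other processes" while the neighbouring bullets in this list say "arbitrary processes" ("Trace arbitrary processes using ptrace(2)", "apply get_robust_list(2) to arbitrary processes"). Using "arbitrary processes" here as well would keep the list consistent and make it clearer that the capability matters for targets the caller could not otherwise inspect. The parenthetical also repeats "reading" ("e.g., reading ... or reading symbolic links"); something like "e.g., reading /proc/pid/maps or /proc/pid/mem, or dereferencing the symbolic links /proc/pid/exe and /proc/pid/fd/*" would read more cleanly.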
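
Review bot: In the second hunk (@@ -635,7 +644,12 @@), the final bullet ends with a full stop and is then followed by a separate parenthetical sentence, "(See uses of the ptrace_may_access() kernel function.)", which sends a manual-page reader to the kernel source without saying where to look. Consider pointing instead at the "Ptrace access mode checking" section of ptrace(2), which documents the check that ptrace_may_access() implements, and folding the reference into the bullet so that the list still ends with a single period like the other entries in this page.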
