When you remove the dumpable attribute, a number of /proc/<pid>/ files and links become unreadable by other processes, even ones owned by the user.
The prctl manpage says:
Processes that are not dumpable can not be attached via ptrace(2) PTRACE_ATTACH; see ptrace(2) for further details.
If a process is not dumpable, the ownership of files in the process's /proc/[pid] directory is affected as described in proc(5).
And the proc manpage says:
/proc/[pid]
Each /proc/[pid] subdirectory contains the pseudo-files and directories described below. These files are normally owned by the effective user and effective group ID of the process. However, as a security measure, the ownership is made root:root if the process's "dumpable" attribute is set to a value other than 1.
And, finally, the ptrace manpage says:
Ptrace access mode checking
Various parts of the kernel-user-space API (not just ptrace() operations), require so-called "ptrace access mode" checks, whose outcome determines whether an operation is permitted (or, in a few cases, causes a "read" operation to return sanitized data). (...)
The algorithm employed for ptrace access mode checking determines whether the calling process is allowed to perform the corresponding action on the target process. (In the case of opening /proc/[pid] files, the "calling process" is the one opening the file, and the process with the corresponding PID is the "target process".) The algorithm is as follows: (...)
- Deny access if the target process "dumpable" attribute has a value other than 1 (...), and the caller does not have the CAP_SYS_PTRACE capability in the user namespace of the target process.
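
The behaviour quoted above can be observed from a parent process. This is an added example, not code from the original answer or from the man pages; `probe_child` and `struct probe_result` are hypothetical names. It assumes Linux with /proc mounted, and the denial only shows when the caller lacks CAP_SYS_PTRACE (for example, when not running as root).

```c
/* Added example (Linux only): how PR_SET_DUMPABLE changes what a parent
 * owned by the same user can see under /proc/<pid>/ of its child. */
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

struct probe_result {   /* hypothetical helper type for this example */
    int  flag;          /* child's own PR_GET_DUMPABLE value, -1 on error */
    long owner;         /* st_uid of /proc/<pid>/environ, -1 if stat failed */
    int  exe_ok;        /* 1 if readlink("/proc/<pid>/exe") succeeded */
};

/* Fork a child that sets its dumpable attribute, then inspect it. */
int probe_child(int dumpable, struct probe_result *r)
{
    int fds[2], flag = -1;
    char path[64], buf[256];
    struct stat st;

    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                  /* child */
        prctl(PR_SET_DUMPABLE, dumpable, 0, 0, 0);
        flag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        if (write(fds[1], &flag, sizeof flag) < 0) _exit(1);
        pause();                                     /* wait to be killed */
        _exit(0);
    }
    close(fds[1]);                                   /* parent */
    if (read(fds[0], &flag, sizeof flag) != (ssize_t)sizeof flag) flag = -1;
    close(fds[0]);
    r->flag = flag;
    snprintf(path, sizeof path, "/proc/%d/environ", (int)pid);
    r->owner = stat(path, &st) == 0 ? (long)st.st_uid : -1;  /* ownership rule */
    snprintf(path, sizeof path, "/proc/%d/exe", (int)pid);
    r->exe_ok = readlink(path, buf, sizeof buf) >= 0;  /* ptrace access mode check */
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return 0;
}

int main(void)
{
    struct probe_result r;
    for (int d = 1; d >= 0; d--)
        if (probe_child(d, &r) == 0)
            printf("dumpable=%d environ_uid=%ld exe_readable=%d\n", r.flag, r.owner, r.exe_ok);
    return 0;
}
```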