oss-sec mailing list archives

Re: Logic bug in the Linux kernel's __ptrace_may_access() function

From: Qualys Security Advisory <qsa () qualys com>
Date: Fri, 15 May 2026 10:23:21 +0000

Hi Salvatore, all,

On Fri, May 15, 2026 at 07:12:08AM +0200, Salvatore Bonaccorso wrote:

I'm not 100% certain, but setting restrictive kernel.yama.ptrace_scope
might as well serve as temporary workaround. Can you confirm?


Excellent question, thank you very much! We have just now tried, and
setting /proc/sys/kernel/yama/ptrace_scope to 2 (admin-only attach) or 3
(no attach) does in fact protect against all the exploits that we know
of (but in theory at least other exploitation methods might exist).

Thanks again! With best regards,

-- 
the Qualys Security Advisory team

Current thread:

Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 14)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James (May 14)
  - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso (May 14)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso (May 14)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James (May 15)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 15)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function David Gonzalez (May 15)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 15)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 20)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 20)
  - Re: Re: Logic bug in the Linux kernel's __ptrace_may_access() function Simon McVittie (May 21)