Created November 20, 2017 15:26
Linux kernel 4.14 patch to disguise TracerPid in /proc/*/status
commit acc0182c3d3869802bc20c8bf4e04c3464936bcc | |
Author: Douglas Hellinger <[email protected]> | |
Date: Sun Nov 19 22:48:46 2017 +0800 | |
Fix tracerPid=0 in /proc | |
diff --git a/fs/proc/array.c b/fs/proc/array.c | |
index 6f6fc16..bcf470d 100644 | |
--- a/fs/proc/array.c | |
+++ b/fs/proc/array.c | |
@@ -171,7 +171,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |
tracer = ptrace_parent(p); | |
if (tracer) | |
- tpid = task_pid_nr_ns(tracer, ns); | |
+ // hide TracerPid | |
+ tpid = 0; | |
tgid = task_tgid_nr_ns(p, ns); | |
ngid = task_numa_group_id(p); |
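Review bot: the `tpid = 0;` under `if (tracer)` applies to every reader of /proc/*/status, with no Kconfig option, sysctl or boot parameter gating it, so on a kernel carrying this patch any monitoring or debugging tool that reads TracerPid to see whether a task is being traced always gets 0. Gate the masking behind an opt-in knob that defaults to the existing `task_pid_nr_ns(tracer, ns)` behaviour. Two smaller points in the same lines: the `// hide TracerPid` comment sits between the `if` and its single-statement body, which is easy to misread, and kernel coding style calls for a `/* ... */` comment placed above the `if`; and if `tpid` is already initialised to 0 above this hunk (not visible here), the `ptrace_parent(p)` lookup and the branch no longer change the result and should be dropped or folded into the gated version. The subject line "Fix tracerPid=0 in /proc" should also state that the value is deliberately masked rather than fixed.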
Be nice if you could get this accepted upstream with a kernel flag. Microsoft is using this in a futile attempt to lock down their products https://unix.stackexchange.com/q/413697/3285