-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-18:16.ptrace Errata Notice
The FreeBSD Project
Topic: kernel panic upon ptrace attach to stopped process
Category: core
Module: kernel
Announced: 2018-12-19
Credits: John Baldwin, Konstantin Belousov
Affects: FreeBSD 11.2
Corrected: 2018-11-09 17:43:23 UTC (stable/11, 11.2-STABLE)
2018-12-19 17:52:56 UTC (releng/11.2, 11.2-RELEASE-p7)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
ptrace(2) is a system call used by debuggers and related utilities
to take control of a process and inspect its state. To use the
interface, a debugger must first attach to a target process. Once
attached, the ptrace interface allows the debugger to intercept events,
such as signal delivery, involving the target process.
II. Problem Description
The ptrace(2) implementation in FreeBSD 11.2 contains a bug such that
a ptrace attach operation will trigger a kernel panic if the target
process is in a stopped state.
III. Impact
Users debugging a problem with, for example, gdb, may cause the system to
crash.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +30 "Rebooting for FreeBSD errata update"
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 11.2]
# fetch https://security.FreeBSD.org/patches/EN-18:16/ptrace.patch
# fetch https://security.FreeBSD.org/patches/EN-18:16/ptrace.patch.asc
# gpg --verify ptrace.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/11/ r340290
releng/11.2/ r342224
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:16.ptrace.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlwanjhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKOqQ//fJgy4vjyoteYlSq6DagrgleiA9DkM13OsGxqGPOyA5+H+aI4ZtD3mqcK
u9p1eP3AA3sF5RLMvOpAMvJPYv1XMmHLm/15vGhjiLT7xK82jzH9Ic72hBnv6xm6
lzp2L7dUKQaXwv6AUR9tF6MQXRBlC5FtI3Tf8ajUsNHCA+lMXx2pjYoG6/gWroXn
ycotsBYRicW6n6fJ+tTv9eVEI237+l+KUzqNH26e9Q6wkWtv4UNB5/FAauN6zovF
AJSLs9eTa7QlxsGbJwh/EYuSjw085n9jIFVeMQPN3kIvDHbk59mymSpE6W37QRj0
c1Kq/nBI4WARrWvRf5KdZYXVJ/iKU3ndulE2gfmetbmHzCM4c7FcQaPqLM5htvfz
sUbu3o3Vq/0/XFj1nyxjX8YIxdveRaopi8rWASyq7JfsieUZt5RPSZM9QgbmoB45
9fLCFMdMT2kBAUknIxoxlMAOzZV9p0d41Vu6M83Km5TC5iGItpYusScPh6qmxxC9
WQwh6MzeabGEIFcxv6mCj4IcWGdDevcCIUW/mQBzPFJTdFQwq+A6HdHsNHJSQYZy
okY/P/CzUjupMYMLdbLjsxx7256Tm4wC2PVtvsyVZY/82IT0HGBq7pAp38R+3ANQ
FieQ+S0F0IKZlyNnGGghbH+YYIsehqC24eoymeUFZDias7vyq1A=
=5T6c
-----END PGP SIGNATURE-----