Turn the ptrace(2) syscall into a kernel compile option, option PTRACE in

your kernel configuration file.
By default, GENERIC will enable this.

When PTRACE is not enabled, several ptrace-like features of the procfs
filesystem will be disabled as well (namely, the ability to read and write
any process' registers, as well as attching, single stepping and detaching
to/from processes).

This should help paranoid people build better sandboxens, and us to build
smaller ramdisks.

1 files changed, 5 insertions, 1 deletions

diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 9a9a5e90afa..b03342790bd 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -1,4 +1,4 @@
-;	$OpenBSD: syscalls.master,v 1.48 2002/02/22 20:37:45 drahn Exp $
+;	$OpenBSD: syscalls.master,v 1.49 2002/03/14 00:42:25 miod Exp $
 ;	$NetBSD: syscalls.master,v 1.32 1996/04/23 10:24:21 mycroft Exp $
 
 ;	@(#)syscalls.master	8.2 (Berkeley) 1/13/94
@@ -81,8 +81,12 @@
 23	STD		{ int sys_setuid(uid_t uid); }
 24	STD		{ uid_t sys_getuid(void); }
 25	STD		{ uid_t sys_geteuid(void); }
+#ifdef PTRACE
 26	STD		{ int sys_ptrace(int req, pid_t pid, caddr_t addr, \
 			    int data); }
+#else
+26	UNIMPL		ptrace
+#endif
 27	STD		{ ssize_t sys_recvmsg(int s, struct msghdr *msg, \
 			    int flags); }
 28	STD		{ ssize_t sys_sendmsg(int s, \