Monday 06 July 2026 19:04:15 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

ptrace

A Linux kernel mechanism that lets one process inspect or control another, often used by debuggers.

ptrace is a Linux kernel mechanism that lets one process inspect or control another. It is commonly used by debuggers, tracers, and security tools to read memory, observe system calls, or pause execution for analysis.

In security terms, ptrace is also an access-control boundary. Before allowing inspection, the kernel checks whether the requesting process is permitted to view the target’s state. If those checks are too permissive or misapplied, a local attacker may be able to read sensitive process data, including secrets in memory, authentication material, or protected helper state. That is why ptrace-related bugs can have high impact even without network access. Defenders use ptrace restrictions, capabilities such as CAP_SYS_PTRACE, and hardening policies to reduce abuse, but these controls must be backed by correct kernel logic and timely patching.

← WIKICROOK index