Kernel module to disable ptrace()
I don’t really know why I ended up writing this, but it all started as a way to do some Linux module coding.
Anyway, all this module does is overwrite the Linux syscall table, replacing the ptrace() syscall with a custom one (which does nothing but print a
Now, I’m quite sure there are better ways of doing this, so take the whole code just as a humble example of Linux module development.
The code is also on GitHub, as usual. There you can also find a
to compile the code:
Then load the module with:
$ sudo insmod noptrace2.ko
And look at the output of dmesg:
$ dmesg | tail -1
[25374.003588] [noptrace2] ptrace syscall disabled
Which means everything went as expected.
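A userspace check to go with the dmesg line, added here as an example (it is not part of the original post or its GitHub code). The post does not say what the replacement syscall returns, so instead of trusting ptrace()'s return value this reads TracerPid from /proc to see whether the kernel actually established a tracing relationship; the function names are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* TracerPid field from the text of /proc/<pid>/status, or -1 if absent. */
long parse_tracer_pid(const char *status) {
    /* Anchor on the newline so a process *named* "TracerPid:" cannot match. */
    const char *p = strstr(status, "\nTracerPid:");
    return p ? strtol(p + strlen("\nTracerPid:"), NULL, 10) : -1;
}

/* TracerPid the kernel reports for pid, or -1 if /proc cannot be read. */
long tracer_pid_of(pid_t pid) {
    char path[64], buf[4096];
    snprintf(path, sizeof path, "/proc/%d/status", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* 1: tracing was really established, 0: ptrace had no effect, -1: check failed. */
int ptrace_takes_effect(void) {
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL); /* return value deliberately ignored */
        raise(SIGSTOP);                        /* stop so the parent can inspect us */
        _exit(0);
    }
    /* WUNTRACED: the stop is reported whether or not the child is traced. */
    if (waitpid(child, NULL, WUNTRACED) < 0) return -1;
    long tracer = tracer_pid_of(child);
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    return tracer < 0 ? -1 : tracer == (long)getpid();
}

int main(void) {
    int r = ptrace_takes_effect();
    puts(r == 1 ? "ptrace works" : r == 0 ? "ptrace has no effect" : "check failed");
    return r < 0;
}
```

A result of 0 only shows that ptrace is ineffective on this system; pair it with the dmesg line above to attribute that to the module.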