Alessandro Ghedini /dev/random

Kernel module to disable ptrace()

I don’t really know why I ended up writing this, but it all started as a way to do some Linux module coding.

Anyway, all this module does is overwrite the Linux syscall table and replace the ptrace() syscall with a custom one (which does nothing but print a message).

Now, I’m quite sure there are better ways of doing this, so take the whole code just as a humble example of Linux module development.

The code is also on GitHub, as usual. There you can also find a Makefile to compile the code:

$ make

Then load the module with:

$ sudo insmod noptrace2.ko

And look at the output of dmesg:

$ dmesg | tail -1
[25374.003588] [noptrace2] ptrace syscall disabled

Which means everything went as expected.