/* Disable ptrace for non-root users.
 * Compile with: gcc -I/usr/src/linux/include -c noptrace.c
 * ats@offog.org, based heavily upon:
 * Noodoplossing voor de ptrace race vuln
 * anti-ptrace.c by sacrine, netric.org
 */
 
#define __KERNEL__
#define MODULE
#define LINUX
 
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/version.h>
#include <linux/slab.h>
#include <linux/sched.h>
#include <linux/fs.h>
#include <linux/ctype.h>
#include <linux/tty.h>
#include <sys/syscall.h>
 
#include <linux/ptrace.h>
 
int (*o_ptrace)(long request, long pid, long addr, long data);
 
extern void* sys_call_table[];
 
int anti_ptrace(long request, long pid, long addr, long data) {
  if (current->uid == 0) {
    return o_ptrace(request, pid, addr, data);
  } else {
    printk("warning: ptrace() called by pid %i uid %i\n",
	   current->pid, current->uid);
    return -EPERM;
  }
}
 
int init_module(void) {
  o_ptrace = sys_call_table[SYS_ptrace];
  sys_call_table[SYS_ptrace] = anti_ptrace;
    
  printk("anti-ptrace kernel module loaded\n");
    
  return 0;
}
 
void cleanup_module(void) {
  sys_call_table[SYS_ptrace] = o_ptrace;
}