ptrace.2: Further fixes after review from Jann Horn

author Michael Kerrisk <mtk.manpages@gmail.com>

Thu, 23 Jun 2016 07:41:03 +0000 (09:41 +0200)

committer Michael Kerrisk <mtk.manpages@gmail.com>

Wed, 29 Jun 2016 05:06:29 +0000 (07:06 +0200)
author Michael Kerrisk <mtk.manpages@gmail.com>
Thu, 23 Jun 2016 07:41:03 +0000 (09:41 +0200)
committer Michael Kerrisk <mtk.manpages@gmail.com>
Wed, 29 Jun 2016 05:06:29 +0000 (07:06 +0200)
diff --git a/man2/ptrace.2 b/man2/ptrace.2

index 507540ba8cf801446b794cd8f82626800934acfd..82c04ad8acaf90742a241e589ef24a5a3d6c7249 100644 (file)
--- a/man2/ptrace.2
+++ b/man2/ptrace.2
@@ -2183,12 +2183,20 @@ thread group, access is always allowed.
  .IP 2.
  If the access mode specifies
  .BR PTRACE_MODE_FSCREDS ,
-then for the check in the next step,
-employ the caller's filesystem user ID and group ID (see
-.BR credentials (7));
-otherwise (the access mode specifies
+then, for the check in the next step,
+employ the caller's filesystem UID and GID.
+(As noted in
+.BR credentials (7),
+the filesystem UID and GID almost always have the same values
+as the corresponding effective IDs.)
+
+Otherwise, the access mode specifies
  .BR PTRACE_MODE_REALCREDS ,
-so) use the caller's real user ID and group ID.
+so use the caller's real UID and GID for the checks in the next step.
+(Most APIs that check the caller's UID and GID use the effective IDs.
+For historical reasons, the
+.BR PTRACE_MODE_REALCREDS
+check uses the real IDs instead.)
  .IP 3.
  Deny access if
  .I neither
author	Michael Kerrisk <mtk.manpages@gmail.com>
	Thu, 23 Jun 2016 07:41:03 +0000 (09:41 +0200)
committer	Michael Kerrisk <mtk.manpages@gmail.com>
	Wed, 29 Jun 2016 05:06:29 +0000 (07:06 +0200)