Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Special Cases for CTE Policies

Blocking ptrace system calls to prevent process injection attacks

search

Please Note:

printsuggest an editpdf paneldownload

Blocking ptrace system calls to prevent process injection attacks

To prevent a process injection attack, which could lead to access to encrypted data by a tampered process, Thales implemented a global blocking for the ptrace system call. The purpose of this feature is to provide configurable options for disabling the ptrace system call based on user need. CTE provides toggle options on CipherTrust Manager based on the dynamic parameter which allows a security administrator to select which binaries are protected from ptrace attachment.

Note

This change can be very invasive and block legitimate uses of the ptrace system call.

copy link to clipboardOptions

There are three new options:

Enabled_For_Authenticators

The CTE binaries and the binaries specified in the authenticator list are protected from the ptrace attachment. Other binaries are not protected from the ptrace attachment. (Default behavior)

Enabled_For_All

All of the installed binaries are protected from ptrace attachment. This protects from a tampered processes causing process injection attacks through the ptrace attach call.

Disabled_For_All

The CTE binaries are protected from ptrace attachment but the binaries specified in the authenticator list are allowed to attach to a ptrace system call. This solves the problem of a user trying to attach a ptrace system call to one of the binaries specified in the authenticator list for other use cases. Other binaries are not protected from the ptrace attachment.

Note

If you select Disabled for All, make sure that you set the log level on CipherTrust Manager to WARN or higher. If it is set to the default log level of ERROR, there will not be any messages related to ptrace logged in the vmd.log file.

copy link to clipboardConfiguration

To configure blocking the ptrace system call:

  1. Log on to CipherTrust Manager.

  2. Click Transparent Encryption.

  3. Click on the desired client name to open it.

  4. In the Advanced Security Configuration, click View/Edit Settings link.

  5. Select the appropriate option and click save.

On this page