DragonFlyBSD Kernel Audit
DF-0113

PT_DETACH reparents tracee to recycled p_oppid PID

Summary

PT_DETACH restores the original parent via pfind(p->p_oppid) (:355) followed by proc_reparent (:357). p_oppid is a bare pid_t set at attach (:314) and never revalidated. PIDs recycle: if the original parent exits and its PID is reused by an attacker's process, the tracee is reparented to the wrong process. The result is a confused reaper: the attacker collects the victim's exit status, rusage and SIGCHLD.
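The stale-PID lookup next to a validated one, as an added user-space model (not DragonFlyBSD code and not the project's fix). All names are hypothetical; the per-process `gen` identity and the fallback to PID 1 are assumptions of the model.

```c
/* Toy user-space model of the finding; every name here is hypothetical. */
#include <stddef.h>

struct mproc {
    int pid;              /* PID held by this slot, 0 = free */
    unsigned long gen;    /* assumed identity that is never reused */
    int ppid;             /* current parent PID */
    int oppid;            /* saved original parent PID (models p_oppid) */
    unsigned long opgen;  /* hardened: original parent's identity at attach */
};
#define NPROC 8           /* sized for the constructed scenario below */
static struct mproc ptab[NPROC];
static unsigned long next_gen = 1;

static struct mproc *m_pfind(int pid) {
    for (size_t i = 0; i < NPROC; i++)
        if (ptab[i].pid == pid) return &ptab[i];
    return NULL;
}
static struct mproc *m_spawn(int pid, int ppid) {
    struct mproc *p = m_pfind(0);            /* first free slot */
    p->pid = pid; p->ppid = ppid; p->gen = next_gen++;
    return p;
}
static void m_exit(int pid) { struct mproc *p = m_pfind(pid); if (p) p->pid = 0; }
static void m_attach(struct mproc *t, int tracer) {
    struct mproc *op = m_pfind(t->ppid);
    t->oppid = t->ppid;                      /* bare PID, as in the finding */
    t->opgen = op ? op->gen : 0;             /* extra state for the checked path */
    t->ppid = tracer;
}
/* Detach as the finding describes it: trust whatever now holds the saved PID. */
static int m_detach_bare(struct mproc *t) {
    struct mproc *pp = m_pfind(t->oppid);
    return t->ppid = pp ? pp->pid : 1;
}
/* Checked detach: accept the lookup only if it is the same process as at attach. */
static int m_detach_checked(struct mproc *t) {
    struct mproc *pp = m_pfind(t->oppid);
    return t->ppid = (pp && pp->gen == t->opgen) ? pp->pid : 1;
}
/* Constructed scenario: 300 (child of 100) is traced by 200; optionally 100
 * exits and an unrelated process takes PID 100 before the detach. */
static int scenario(int checked, int parent_exits) {
    for (size_t i = 0; i < NPROC; i++) ptab[i].pid = 0;
    m_spawn(1, 0); m_spawn(100, 1); m_spawn(200, 1);
    struct mproc *t = m_spawn(300, 100);
    m_attach(t, 200);
    if (parent_exits) { m_exit(100); m_spawn(100, 1); }
    return checked ? m_detach_checked(t) : m_detach_bare(t);
}
```

`scenario()` returns the tracee's parent PID after detach: with the recycled PID the bare lookup hands the tracee to the new holder of PID 100, while the checked lookup falls back to PID 1.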