Mike Jensen
@erik-krogh You should now have access to the repo https://github.com/gravitational/cloud-codeql-testing. That contains the minimal code needed for reproduction. In the README I specified the exact commands I used to validate...
I am impressed! Thank you for your work! I am happy to test once it's included in a release.
This is a complex question; in short, I do believe there is a risk here. This was difficult to search for, so I am mostly looking at the man pages...
> a process that starts privileged and then sheds privileges via setuid() is still not ptraceable by the new UID

I looked into this, and it appears generally you're correct....
The code that I originally produced this from is proprietary and pretty complicated. However I was able to create a smaller example which reproduces this: https://gist.github.com/jentfoo/9bec96163e2f4085a3c4
Thanks for the info and continual help @rrutt ...sorry it took me so long to msg back. I was able to update most of our code to work within these...