From 5dfeada92dfda580fb20b74a5341b703a14505ff Mon Sep 17 00:00:00 2001
From: Tudor Brindus <me@tbrindus.ca>
Date: Sun, 2 Jun 2024 17:43:07 -0400
Subject: [PATCH] cptbox/isolate: print target of denied `*kill` and `prlimit`
 syscalls

---
 dmoj/cptbox/isolate.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/dmoj/cptbox/isolate.py b/dmoj/cptbox/isolate.py
index b9efab208..d7d6fd646 100644
--- a/dmoj/cptbox/isolate.py
+++ b/dmoj/cptbox/isolate.py
@@ -390,13 +390,15 @@ def _access_check(self, debugger: Debugger, file: str, fs_jail: FilesystemPolicy
 
     def handle_kill(self, debugger: Debugger) -> None:
         # Allow tgkill to execute as long as the target thread group is the debugged process
-        # libstdc++ seems to use this to signal itself, see <https://github.com/DMOJ/judge/issues/183>
-        if debugger.uarg0 != debugger.pid:
-            raise DeniedSyscall(ACCESS_EPERM, 'Cannot kill other processes')
+        # libstdc++ seems to use this to signal itself, see <https://github.com/DMOJ/judge/issues/18A3>
+        target = debugger.uarg0
+        if target != debugger.pid:
+            raise DeniedSyscall(ACCESS_EPERM, f'Cannot kill other processes (target={target}, self={debugger.pid})')
 
     def handle_prlimit(self, debugger: Debugger) -> None:
-        if debugger.uarg0 not in (0, debugger.pid):
-            raise DeniedSyscall(ACCESS_EPERM, 'Cannot prlimit other processes')
+        target = debugger.uarg0
+        if target not in (0, debugger.pid):
+            raise DeniedSyscall(ACCESS_EPERM, f'Cannot prlimit other processes (target={target}, self={debugger.pid})')
 
     def handle_prctl(self, debugger: Debugger) -> None:
         PR_GET_DUMPABLE = 3