help-bash

Re: feature request: use optional memory option code for per process onl


From: Kerin Millar
Subject: Re: feature request: use optional memory option code for per process only memory, on newer linux kernels
Date: Sun, 10 Oct 2021 01:51:12 +0100

On Sun, 10 Oct 2021 02:33:39 +0200
Alex fxmbsw7 Ratchev <fxmbsw7@gmail.com> wrote:

> I've seen gdb hacks to use bash functions around other bash processes.
> No idea how that security thing would stack up there.
> I also have no other answer than 'hide all' instead of selected only.

This loophole can be generally addressed by setting the
kernel.yama.ptrace_scope sysctl to >=1. See
https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html. The chances
are that your kernel vendor already does this. If not, consider a distribution
that takes security more seriously. Even where it's set to 0, the associated
capability is only unconditionally granted to a process running under the same
uid. While 0 isn't appropriate as a distribution default, having it is useful
to some people.

-- 
Kerin Millar
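An added example, not part of the thread and not Kerin's code: a POSIX sh audit of the Yama ptrace_scope setting discussed above, reporting whether the host meets the >=1 recommendation. It assumes procfs is mounted at /proc; the optional path argument to ptrace_scope_ok and the hardening_snippet helper are constructed for this example so the check can be exercised on a file other than the live sysctl.

```shell
#!/bin/sh
# Added example (not from the thread): audit kernel.yama.ptrace_scope.
# Assumption: procfs at /proc and a kernel built with Yama. The path
# argument exists only so the check can be run against a constructed file.

# Meaning of each value, as documented in admin-guide/LSM/Yama.
describe_ptrace_scope() {
    case "$1" in
        0) echo "classic: any process may ptrace another running as the same uid" ;;
        1) echo "restricted: only descendants, or tracers declared via PR_SET_PTRACER" ;;
        2) echo "admin-only: attaching requires CAP_SYS_PTRACE" ;;
        3) echo "no attach: ptrace attach is disabled entirely" ;;
        *) echo "unknown value: $1" ;;
    esac
}

# Exit 0 if the setting is >=1 (the recommendation in the thread), 1 if it
# is 0, and 2 if Yama is not available, so "insecure" and "not applicable"
# are distinguishable by the caller.
ptrace_scope_ok() {
    path="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    [ -r "$path" ] || return 2
    value=$(cat "$path")
    case "$value" in
        0) return 1 ;;
        [123]) return 0 ;;
        *) return 2 ;;
    esac
}

# Line to drop into /etc/sysctl.d/ on distributions that still default to 0.
# Only printed here so the example runs unprivileged.
hardening_snippet() {
    echo "kernel.yama.ptrace_scope = 1"
}

rc=0
ptrace_scope_ok || rc=$?
case $rc in
    0) cur=$(cat /proc/sys/kernel/yama/ptrace_scope)
       echo "ok: ptrace_scope=$cur ($(describe_ptrace_scope "$cur"))" ;;
    1) echo "WARNING: ptrace_scope is 0; persist the fix with: $(hardening_snippet)" ;;
    2) echo "Yama ptrace_scope is not available on this kernel" ;;
esac
```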


