Re: feature request: use optional memory option code for per process onl

help-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: feature request: use optional memory option code for per process onl

From:	Alex fxmbsw7 Ratchev
Subject:	Re: feature request: use optional memory option code for per process only memory, on newer linux kernels
Date:	Sun, 10 Oct 2021 03:52:21 +0200

hm thank you for the much valueable information
i have currently no pure linux kernel on to test but i keep that info around
thanks

On Sun, Oct 10, 2021, 02:51 Kerin Millar <kfm@plushkava.net> wrote:

> On Sun, 10 Oct 2021 02:33:39 +0200
> Alex fxmbsw7 Ratchev <fxmbsw7@gmail.com> wrote:
>
> > ive seen gdb hacks to use bash functions around other bash processes
> > no idea how that security thing would stack up there
> > i also have no other answer than 'hide all' instead of selected only
>
> This loophole can be generally addressed by setting the
> kernel.yama.ptrace_scope sysctl to >=1. See
> https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html. The
> chances are that your kernel vendor already does this. If not, consider a
> distribution that takes security more seriously. Even where it's set to 0,
> the associated capability is only unconditionally granted to a process
> running under the same uid. While 0 isn't appropriate as a distribution
> default, having it is useful to some people.
>
> --
> Kerin Millar
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: feature request: use optional memory option code for per process only memory, on newer linux kernels, (continued)

Prev by Date: Re: feature request: use optional memory option code for per process only memory, on newer linux kernels
Next by Date: small gnu find question
Previous by thread: Re: feature request: use optional memory option code for per process only memory, on newer linux kernels
Next by thread: small gnu find question
Index(es):
- Date
- Thread