SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Matthew Garrett
mjg59 at srcf.ucam.org
Mon Apr 9 21:06:31 UTC 2012
On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote:
> And guess what I use these tools, and I just execute setsebool deny_ptrace 0
> anytime I need to strace or debug an application, then I turn it back on when
> I am done.
Are we able to determine that strace or gdb have been explicitly started
by the user rather than from some more confined application?
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the devel
mailing list