SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Kevin Kofler
kevin.kofler at chello.at
Tue Apr 10 02:33:45 UTC 2012
Michael Cronenworth wrote:
> John Reiser wrote:
>> I reasonably require "gdb -p <pid>" (PTRACE_ATTACH) to work. If you want
>> to protect "people", then figure out some way to protect them yet allow
>> me to do my work on a usual multi-user system.
>
> They have figured out a way: It's controlled by a boolean.
>
> You can disable (or enable) this feature at any time.
Only root can do it "on a usual multi-user system". He can't.
Kevin Kofler
More information about the devel
mailing list