SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Daniel J Walsh
dwalsh at redhat.com
Thu Apr 12 20:01:58 UTC 2012
On 04/12/2012 02:39 PM, Mark Wielaard wrote:
> On Mon, Apr 09, 2012 at 09:38:40AM -0400, Eric Paris wrote:
>> (Think about it a moment. gdb -p is the same as firefox trying to ptrace
>> gnome-keyring)
>
> I thought a bit about it. And now I am even more confused :)
>
> It seems you are already not allowed to ptrace gnome-keyring-daemon (or
> ssh-agent because that is setuid). So is there a better example than
> gnome-keyring or ssh-agent to show why we would like to clobber ptrace
> globally?
>
> Thanks,
>
> Mark
Ok kinit, ssh, pwsafe ...
evince ptracing firefox
More information about the devel
mailing list