[arch-general] [arch-dev-public] Trimming down our default kernel configuration

Leonid Isaev lisaev at umail.iu.edu
Wed Mar 26 16:31:41 EDT 2014


On Wed, 26 Mar 2014 21:00:15 +0100
Thomas Bächler <thomas at archlinux.org> wrote:

> Am 26.03.2014 20:18, schrieb Leonid Isaev:
> > However, I don't think that Yama requires any userspace components, does
> > it? Currently, I boot with "security=yama" and completely disabled
> > non-admin ptrace (kernel.yama.ptrace_scope=2). Perhaps -ARCH kernels
> > should keep Yama available albeit disabled by default (as they now do).
> 
> Once yama is built-in, the ptrace_scope protection is enabled by
> default. There is no option to change that.
> 

But by default, kernel.yama.ptrace_scope = 0, which according to documentation
(Yama.txt) is like having no ptrace restriction at all, and indeed gdb/strace
work...

Best,
-- 
Leonid Isaev
GnuPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140326/ee182f3f/attachment.asc>


More information about the arch-general mailing list