Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

John Reiser <jreiser@xxxxxxxxxxxx> writes:
> gdb nicely gives the work-around for denyPtrace, but the work-around
> requires privileges to implement.  So far the implementation history
> of the denyPtrace feature leads me to fear loss of Functionality and
> Usability for software developers.

Indeed.  This "feature" isn't going to make people more secure if the
first thing on everyone's Fedora installation checklist is to turn it
off.  And that certainly will be on my checklist, if it goes in like
this.

A possible compromise that might allow software developers to live
with the setting would be if the default excluded gdb (and any other
tools that normally need ptrace) from its effects.  I can see the
point of disallowing ptrace from security-exposed things like
firefox, but I'm not very worried about gdb being compromised.

And, as I said, the alternative is that this gets turned off, by me
and probably a very large fraction of other Fedora users.  How is
that "more secure"?

			regards, tom lane
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


