Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

On Mon, 2012-04-09 at 00:31 +0200, Kevin Kofler wrote:
> It also 
> breaks crash reporters such as DrKonqi (for DrKonqi, we work around this by 
> disabling the flag in kde-runtime's %post script, but there are other 
> similar debuggers in upstream software, some not packaged in Fedora)

I asked in the bug how DrKonqi works on other distros with the YAMA
security module enabled which implements a slightly different semantic
and didn't hear a response.  I have patches which I will try to get into
the Fedora kernel later today that will allow us to seamlessly allow gdb
to trace children.  gdb -p would still require disabling the boolean.
(Think about it a moment.  gdb -p is the same as firefox trying to
ptrace gnome-keyring)

My understanding is that DrKonqi wants to be able to ptrace anything run
by the user.  This is a scary idea.  Please help me understand how
DrKonqi works on other distros which limit how user applications are
able to attack each other with the YAMA module and hopefully we can find
a similar way to rectify the situation in Fedora.

-Eric

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


