On 04/09/2012 07:58 AM, Daniel J Walsh wrote:
> As I have stated in the blogs, this would be sad, since the goal of this
> feature is to protect the people who would never execute gdb -p, don't even
> know what gdb is, i.e. the vast majority of computer users. So we will make
> the system insecure for the majority who will never turn on security features,
> since they expect the machine to be secure by default, for the developers who
> know fully how to turn off the feature, so they will not be inconvenienced.

As a developer of close-to-the-machine software (C, assembler, debug-the-compiler's-code-generation, debug-the-debugger, debug-signal-handling, ...), I reasonably require "gdb -p <pid>" (PTRACE_ATTACH) to work. If you want to protect "people", then figure out some way to protect them yet allow me to do my work on a usual multi-user system.

There should be a per-process PtraceCapability which a child process inherits from its parent. Login removes PtraceCapability; then all PTRACE_* actions fail for that process and its children until the capability is enabled. SELinux allows some [site-dependent] UIDs/GUIDs to turn on PtraceCapability for a session; then all PTRACE_* actions for that session are governed by the old rule that the UID of the target process must match the UID of the acting process, or the EUID of the actor must be 0 (root).

--
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
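The per-process PtraceCapability sketched in the message above, modelled in user space as an added example (not kernel code, not the feature Fedora shipped, and not written by the poster): the capability bit is inherited across fork, cleared at login, re-enabled only for UIDs on a constructed site allow-list standing in for the SELinux decision, and checked before the classic same-UID-or-root rule. All names (`pcap_*`, `struct proc`, the allow-list) are invented here.

```c
/* Added example: user-space model of the proposed PtraceCapability.
 * Not kernel code; every identifier below is invented for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

struct proc {
    uid_t uid, euid;   /* real and effective UID, as the kernel tracks them */
    bool  ptrace_cap;  /* the proposed per-process capability bit */
};

/* fork(): the child inherits the parent's capability bit unchanged. */
struct proc pcap_fork(const struct proc *parent) { return *parent; }

/* login: the session leader starts with the capability removed, so every
 * PTRACE_* request from it or its descendants fails until re-enabled. */
void pcap_login(struct proc *p, uid_t uid) {
    p->uid = p->euid = uid;
    p->ptrace_cap = false;
}

/* Site policy, modelled as a constructed allow-list in place of SELinux:
 * only listed UIDs may turn the capability on for their session. */
bool pcap_enable(struct proc *p, const uid_t *allowed, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (allowed[i] == p->uid) { p->ptrace_cap = true; return true; }
    }
    return false;  /* not on the list: the bit stays off, even for root */
}

/* PTRACE_ATTACH check: capability first, then the old rule that the target's
 * UID must match the actor's UID or the actor's EUID must be 0. */
bool pcap_may_attach(const struct proc *actor, const struct proc *target) {
    if (!actor->ptrace_cap) return false;
    return actor->uid == target->uid || actor->euid == 0;
}
```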