Roberto Ragusa wrote:
> Auditors are constantly proposing disabling features and making things
> inconvenient, undebuggable, inefficient and substantially annoying to
> operate.
>
> They should instead learn some basic concepts of security.
> For example: if you are running a process, even in a VM or container, you
> have to trust the administrator of the host system. And that's it.
+1. Disabling important debugging tools in the name of "security" is a no
go. Also goes for ptrace etc.
The worst invasive security nightmares actually come from the security folks
themselves, e.g., auditd, which keeps a meticulous log of just about
everything you do that the NSA (or other countries' equivalent) can
conveniently read if they ever manage to compromise your computer. That
contraption is one of the first things I disable on my computers!
Kevin Kofler
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
