Marius Schwarz wrote on Fri, Sep 12, 2025 at 04:13:33PM +0200: > Am 12.09.25 um 15:46 schrieb Daniel P. Berrangé: > > I wouldn't have realized it was proposing > > to break use of gdb & strace out of the box if someone had > > not mentioned in here. > > A real-world example: > > if strace does no longer work, you would i.e. not be able to live > debug a php cgi-scripts answere via a https connection, that you do > not do yourself (with curl) or is contained i.e. in Thunderbird > CalDav. I just had that problem a few days ago, and it was the only > way to see the real request & response. ( Which then let to a > Thunderbird Bug Mozilla does not yet know of) > > I'm not against the kernel protection measure, but it must be ensured, > that it can be disabled at boot time. This doesn't prevent the root user from attaching an arbitrary process, so for the average developer assuming they can get root it doesn't really harm much. Regular users can also run the full command under strace or gdb, it's just attaching later to other parts of the process tree that is forbidden. (At that point you could say that gdb shouldn't be run as root, but that's another problem... But then the sysctl can always be set again if it's really not welcome) -- Dominique Martinet | Asmadeus -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
