Re: F44 Change Proposal: Mitigate vulnerabilities/attacks by enabling kernel.kptr_restrict and net.core.bpf_jit_harden by default, and by obsoleting a package that risks to accidentally disable kernel.yama.ptrace_scope by default [SystemWide]

On Fri, Sep 12, 2025 at 3:36 PM Mark Wielaard <mjw@xxxxxxxxxxxxxxxxx> wrote:
>
> As others have pointed out earlier this isn't an accident. This is
> precisely so that when user space observability tools (profilers,
> debuggers, tracers, etc.) are installed they work out of the box.

But it's also clear that "when user space observability tools are
installed they work out of the box" just isn't true right now, because
the yama_ptrace_scope change is applied on *all* systems, regardless
if those tools were installed or not, since the override file is
pulled in into the *base system* and not just by those tools. (Or, I
guess, it *is* true, by default, since the overrides are *always* in
place, even when those tools *aren't* installed ...)

Fabio
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx