change coming with maverick's 2.6.34-5 kernels
Kees Cook
kees at ubuntu.com
Tue Jun 1 22:29:04 BST 2010
On Sun, May 30, 2010 at 10:03:45PM -0700, Kees Cook wrote:
> I'm curious what other people would recommend. Once there's some
> consensus, I will go implement it. :)

It sounds like the following things should be done to reduce surprise and
maximize education for the PTRACE change:

- add /etc/sysctl.d/10-ptrace.conf to procps with a full description of
  the sysctl so that there is a central common place to toggle the setting.
- patch gdb, strace, and ltrace to have verbose error messages when
  encountering the EPERM condition, pointing people to options of either
  using sudo or using the sysctl.
- add a release-note describing the change.

Does this sound sufficiently complete?

Thanks,
-Kees
--
Kees Cook
Ubuntu Security Team
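
The verbose EPERM message proposed in the second item could look like the following C sketch. This is an added example, not code from the original message or from the gdb, strace or ltrace patches. The sysctl path (Yama's ptrace_scope) and the function names are assumptions; the message above does not name them.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#define PTRACE_SCOPE_PATH "/proc/sys/kernel/yama/ptrace_scope" /* assumed; not named above */

/* Read the restriction level; -1 if the file is missing or unparsable. */
int read_ptrace_scope(const char *path)
{
    int scope = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%d", &scope) != 1) scope = -1;
    fclose(f);
    return scope;
}

/* Returns 1 if a hint about the restriction was added, 0 for plain strerror text. */
int explain_attach_error(int err, int scope, pid_t pid, char *buf, size_t len)
{
    if (err != EPERM || scope <= 0) { /* EPERM has other causes, e.g. uid mismatch */
        snprintf(buf, len, "attach to pid %ld: %s", (long)pid, strerror(err));
        return 0;
    }
    snprintf(buf, len, "attach to pid %ld: %s\n"
             "ptrace of non-child processes is restricted (ptrace_scope=%d).\n"
             "Run the tracer with sudo, or change the setting in "
             "/etc/sysctl.d/10-ptrace.conf.", (long)pid, strerror(err), scope);
    return 1;
}

/* Hypothetical wrapper a tracer could call instead of a bare PTRACE_ATTACH. */
int attach_verbose(pid_t pid)
{
    char msg[512];
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0)
        return 0;
    int err = errno; /* save before fopen() can overwrite it */
    explain_attach_error(err, read_ptrace_scope(PTRACE_SCOPE_PATH), pid, msg, sizeof msg);
    fprintf(stderr, "%s\n", msg);
    return -1;
}

int main(void)
{
    char msg[512];
    explain_attach_error(EPERM, 1, 1234, msg, sizeof msg); /* constructed failure */
    return puts(msg) < 0;
}
```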