change coming with maverick's 2.6.34-5 kernels
Martin Pitt
martin.pitt at ubuntu.com
Mon May 31 06:21:08 BST 2010
Hello Kees,

first of all, I'm so glad to finally see the /tmp/ and hardlink races
being addressed. And it only took like 10 years for the Linux world to
accept them :-)

Kees Cook [2010-05-30 22:03 -0700]:
> - add a file to /etc/sysctl.d/ that restores the PTRACE scope to "0"
> if a specific package is installed (e.g. ubuntu-dev-tools; something
> that the normal user will not install).

This would be too unexpected and surprising IMHO. I'd rather ship a
file 10-ptrace-security.conf by default with the re-enabling sysctl
commented out, so that it's easy to re-enable without looking for
docs.

Thanks,

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)