Contributed by Dengue on from the cool-new-features dept.
From the commit message to
Turn the ptrace(2) syscall into a kernel compile option, option PTRACE in
your kernel configuration file.
By default, GENERIC will enable this.
When PTRACE is not enabled, several ptrace-like features of the procfs
filesystem will be disabled as well (namely, the ability to read and write
any process' registers, as well as attaching, single stepping and detaching
This should help paranoid people build better sandboxens, and us to build
On behalf of all the paranoid people with aluminium foil over their windows, thank you Miod.
I think I need topic artwork for "Current". Any volunteers?