|
Server IP : 172.19.0.2 / Your IP : 216.73.216.178 Web Server : Apache/2.4 System : Linux 880f91b28fd7 5.15.0-117-generic #127~20.04.1-Ubuntu SMP Thu Jul 11 15:36:12 UTC 2024 x86_64 User : tomlinde ( 155017) PHP Version : 5.6.40 Disable Function : dl, syslog, opcache_get_status MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /etc/python3/../sysctl.d/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] | [ Lock Shell ] | [ Logout ] |
|---|
# The PTRACE system is used for debugging. With it, a single user process # can attach to any other dumpable process owned by the same user. In the # case of malicious software, it is possible to use PTRACE to access # credentials that exist in memory (re-using existing SSH connections, # extracting GPG agent information, etc). # # A PTRACE scope of "0" is the more permissive mode. A scope of "1" limits # PTRACE only to direct child processes (e.g. "gdb name-of-program" and # "strace -f name-of-program" work, but gdb's "attach" and "strace -fp $PID" # do not). The PTRACE scope is ignored when a user has CAP_SYS_PTRACE, so # "sudo strace -fp $PID" will work as before. For more details see: # https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace # # For applications launching crash handlers that need PTRACE, exceptions can # be registered by the debugee by declaring in the segfault handler # specifically which process will be using PTRACE on the debugee: # prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0); # # In general, PTRACE is not needed for the average running Ubuntu system. # To that end, the default is to set the PTRACE scope to "1". This value # may not be appropriate for developers or servers with only admin accounts. kernel.yama.ptrace_scope = 1