On Mon, Apr 28, 2008 at 12:51:48AM +0200, Thomas Viehmann wrote:
> Colin Watson wrote:
> > I think it was my suggestion to Martin in the first place, so no, I don't have any objection. :-) I haven't been following the thread, though - has there been general consensus on this?
> I must say that the thread did not do much to convince me.[1]

The only benefit that this has is to prevent programs from spying on other programs run by the same user. I don't know about you, but I don't run arbitrary programs on my system, so if there is any process spying on my ssh-agent, then either:

1) it came from Debian, in which case I suggest we handle that program like micq (which had a malicious upstream); or
2) I wrote it myself, in which case I obviously designed it to do exactly that.

So basically, the only interesting case is that Debian is shipping some program that surreptitiously spies on other programs. Is that the case?

I don't see how we gain any benefit by disabling ptrace. All it prevents me from doing is snooping on my own programs, which I might want to do for any number of reasons (strace comes to mind).

IANADD.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187