On Mon, Apr 28, 2008 at 12:51:48AM +0200, Thomas Viehmann wrote:
> Colin Watson wrote:
> > I think it was my suggestion to Martin in the first place, so no, I don't have any objection. :-) I haven't been following the thread, though - has there been general consensus on this?
> I must say that the thread did not do much to convince me.

The only benefit that this has is to prevent programs from spying on other programs run by the same user. I don't know about you, but I don't run arbitrary programs on my system, so if there is any process spying on my ssh-agent, then either:
1) it came from Debian, in which case I suggest we handle that program like micq (which had a malicious upstream); or
2) I wrote it myself, in which case I obviously designed it to do exactly that.

So basically, the only interesting case is that Debian is shipping some program that surreptitiously spies on other programs. Is that the case?

I don't see how we gain any benefit by disabling ptrace. All it prevents me from doing is snooping on my own programs, which I might want to do for any number of reasons (strace comes to mind).

IANADD.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187