Re: Bits from the Security Team

To: debian-devel@lists.debian.org
Subject: Re: Bits from the Security Team
From: Guido Günther <agx@sigxcpu.org>
Date: Wed, 5 Mar 2014 20:54:09 +0100
Message-id: <[🔎] 20140305195409.GB23080@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, debian-devel@lists.debian.org
In-reply-to: <20140305190301.GA2912@pisco.westfalen.local>
References: <20140305190301.GA2912@pisco.westfalen.local>

Hi,
the work of the security team is very, very much appreciated!

On Wed, Mar 05, 2014 at 08:03:01PM +0100, Moritz Muehlenhoff wrote:
> * We're planning to request for hidepid to be enabled by default (to 1).
>   This will squash an entire class of information leaks. If you have any
>   comments or objections, please get in touch with us.

I looked at the docs and as I read them this would affect uid 0 as well.
In this case tools like checkrestart and whatmaps wouldn't be able to
detect mapped libraries anymore actually preventing security updates for
running processes. Maybe excempting uid 0 would be good.
Cheers,
 -- Guido

Reply to:

Follow-Ups:
- Re: Bits from the Security Team
  - From: Jakub Wilk <jwilk@debian.org>

Prev by Date: Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
Next by Date: Bug#740886: ITP: libposix-strftime-compiler-perl -- GNU C library compatible strftime for loggers and servers
Previous by thread: Bug#740865: ITP: python-srs -- Python SRS (Sender Rewriting Scheme) library
Next by thread: Re: Bits from the Security Team
Index(es):
- Date
- Thread