Gecko [ fernandoquevedodop.com ]

Name	Size	Permission
10-console-messages.conf	77 B	-rw-r--r--
10-ipv6-privacy.conf	490 B	-rw-r--r--
10-kernel-hardening.conf	1.2 KB	-rw-r--r--
10-magic-sysrq.conf	1.16 KB	-rw-r--r--
10-network-security.conf	158 B	-rw-r--r--
10-ptrace.conf	1.26 KB	-rw-r--r--
10-zeropage.conf	506 B	-rw-r--r--
60-inotify.conf	129 B	-rw-r--r--
99-cloudimg-ipv6.conf	138 B	-rw-r--r--
99-sysctl.conf	4.63 KB	-rw-r--r--
README.sysctl	798 B	-rw-r--r--

Code Editor : 10-ptrace.conf

# The PTRACE system is used for debugging.  With it, a single user process
# can attach to any other dumpable process owned by the same user.  In the
# case of malicious software, it is possible to use PTRACE to access
# credentials that exist in memory (re-using existing SSH connections,
# extracting GPG agent information, etc).
#
# A PTRACE scope of "0" is the more permissive mode.  A scope of "1" limits
# PTRACE only to direct child processes (e.g. "gdb name-of-program" and
# "strace -f name-of-program" work, but gdb's "attach" and "strace -fp $PID"
# do not).  The PTRACE scope is ignored when a user has CAP_SYS_PTRACE, so
# "sudo strace -fp $PID" will work as before.  For more details see:
# https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace
#
# For applications launching crash handlers that need PTRACE, exceptions can
# be registered by the debugee by declaring in the segfault handler
# specifically which process will be using PTRACE on the debugee:
#   prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0);
#
# In general, PTRACE is not needed for the average running Ubuntu system.
# To that end, the default is to set the PTRACE scope to "1".  This value
# may not be appropriate for developers or servers with only admin accounts.
kernel.yama.ptrace_scope = 1

${this.title}

Code Editor : 10-ptrace.conf