On Sun, Apr 8, 2012 at 10:50 PM, Tom Lane <t...@redhat.com> wrote: > And, as I said, the alternative is that this gets turned off, by me > and probably a very large fraction of other Fedora users. How is > that "more secure"?
Perhaps people installing servers in high-risk situations could just not turn it off. OTOH in high-risk situations there are usually quite a few non-default settings, so that's not a great reason. I think a case can be made for disabling ptrace by default to protect ordinary users, at the cost of annoying developers or with one more step - but it's a weak case that would need much more discussion and experience than the originally proposed feature. Kevin's report that this breaks DrKonqi is a fairly good reason not to disable ptrace by default. Mirek -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
