On 17/11/2025 18.58, Zbigniew Jędrzejewski-Szmek wrote:
On Mon, Nov 17, 2025 at 05:44:28PM +0000, Christopher Klooz wrote:
"Disable ptrace for unprivileged users by default"
Yes please.
I would stick with the suggestion of Fabio (see the discourse link above), as
this one is not 100% true, even if this is likely to be the practical outcome
in most cases. Keep in mind that child processes will not be affected, even in
unprivileged contexts.
Sure. But a title is not supposed to explain the details.
If the title has a parenthised part, then that's a good sign
that it is too long.
I already observed in the first debate (now again) that in the ptrace_scope
part, people regularly introduce, somehow intuitive, assumptions about this
breaking software development at all or to render all ptrace in user accounts
unusable leaving users no alternative but root or so, and thus responding in
the debate correspondingly to these assumptions.
Since I am not sure if I can tackle this every time it becomes "incorporated"
again (a thunderbird bug currently makes it 5 minutes for me to answer one email), I
think this title should hint the reader at first glance that it cannot be that worse, as
other developer distributions do it too, along with kernel default, new title suggestion:
> Restrict ptrace for unprivileged users to child processes by default,
following ArchLinux,openSuSE,Ubuntu and kernel default (mitigates attack vectors)
the first 10 words make the point you and Daniel asked for, the second part
adds the hint to at least challenge the assumptions that regularly occurred
again (the part in brackets is for the audience type of Discourse, about how to
categorize it to identify at first glance if this is important to them or not)
Zbyszek
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
