Package: procps Version: 2:3.3.15-2 Severity: normal In analogy with bug #889098, procps should by default enabling the regular file and FIFO protection added in 4.19 by setting:
fs.protected_regular = 1 fs.protected_fifos = 1 This will be done by default in systemd 241, but as Debian does not use Systemd's sysctl settings, it should be made in procps. References: https://github.com/torvalds/linux/commit/30aba6656f https://github.com/systemd/systemd/commit/2732587540035227fe59e4b64b60127352611b35 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889098 -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (400, 'unstable'), (250, 'stable'), (160, 'experimental'), (100, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-1-amd64 (SMP w/12 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages procps depends on: ii init-system-helpers 1.56+nmu1 ii libc6 2.28-5 ii libncurses6 6.1+20181013-1 ii libncursesw6 6.1+20181013-1 ii libprocps7 2:3.3.15-2 ii libtinfo6 6.1+20181013-1 ii lsb-base 10.2018112800 Versions of packages procps recommends: ii psmisc 23.2-1 procps suggests no packages. -- no debconf information
