On 2013-06-19 10:44:39 -0700, Kees Cook wrote:
> This is what /etc/sysctl.d/ is for: changing defaults.
Yes, but IMHO, the default is not fine (see below).
> There are, in fact, real protections with this change. Namely, the delay of
> attack expansion. Take the case of a server being attacked. I
On Wed, Jun 19, 2013 at 10:44:39AM -0700, Kees Cook wrote:
> This is what /etc/sysctl.d/ is for: changing defaults.
>
> There are, in fact, real protections with this change. Namely, the delay of
> attack expansion. Take the case of a server being attacked. If there are
> ssh connections left open
This is what /etc/sysctl.d/ is for: changing defaults.
There are, in fact, real protections with this change. Namely, the delay of
attack expansion. Take the case of a server being attacked. If there are
ssh connections left open from that machine, without the ptrace
restrictions, an attacker can
3 matches