disable ptrace by default via seccomp to reduce kernel attack surface #318

Closed
thestinger opened this Issue Jun 18, 2016 · 1 comment

thestinger commented Jun 18, 2016

It should only really be available for debuggable apps, and only when they are actually being debugged.

This might need to wait until Android N for minijail. It would be a bit silly to integrate libseccomp as was done in older versions of CopperheadOS when the functionality is going to be in AOSP already.

@thestinger thestinger changed the title from disable ptrace by default via seccomp apps to reduce attack surface to disable ptrace by default via seccomp apps to reduce kernel attack surface Jun 18, 2016

@thestinger thestinger changed the title from disable ptrace by default via seccomp apps to reduce kernel attack surface to disable ptrace by default via seccomp to reduce kernel attack surface Jul 1, 2016

thestinger commented Sep 21, 2016

It's now disabled by default for unprivileged users via Yama.

@thestinger thestinger closed this Sep 21, 2016
