
If these things the author is talking about are true, why are they not set to hardened by default?

Why is ptrace enabled by default, rather than disabled? Why is /proc visible to any other process? Why aren’t the ASLR bits already set to 32?

This of course leads to the question, why is there even a way to change this and why don’t we live in an opt-out world? This reminds me about that whole Apple vs. Facebook discussion again.




> Why is ptrace enabled by default, rather than disabled?

because it's useful to be able to attach to a running process with gdb


If you want to use it you can unlock it. Why is it unlocked by default?


Because unlocking it requires root and users who want to submit a crash report may not have root privileges on the system.



