在 Debian 上禁用 ptrace

Question 1

尝试：echo 0 > /proc/sys/kernel/yama/ptrace_scope

Answer

尝试：echo 0 > /proc/sys/kernel/yama/ptrace_scope

Question 2

聚会迟到了，情节出现巨大转折：

根据linux-audit.com- 对于这个 [yama/ptrace_scope] 键，有四个有效选项：0-3

kernel.yama.ptrace_scope = 0: all processes can be debugged, as long as they have same uid. This is the classical way of how ptracing worked.
kernel.yama.ptrace_scope = 1: only a parent process can be debugged.
kernel.yama.ptrace_scope = 2: Only admin can use ptrace, as it required CAP_SYS_PTRACE capability.
kernel.yama.ptrace_scope = 3: No processes may be traced with ptrace. Once set, a reboot is needed to enable ptracing again.

=> 值 0 为所有进程启用 ptrace，而不是禁用它。

请注意，如果将此值更改为 2 或 3，则在重新启动时似乎会恢复为 0。您需要调整启动标志或找到其他解决方案（我尚未找到 - 如果找到解决方案，我会及时通知您，因为这涉及公共机器上的关键安全考虑）

Answer

聚会迟到了，情节出现巨大转折：

根据linux-audit.com- 对于这个 [yama/ptrace_scope] 键，有四个有效选项：0-3

kernel.yama.ptrace_scope = 0: all processes can be debugged, as long as they have same uid. This is the classical way of how ptracing worked.
kernel.yama.ptrace_scope = 1: only a parent process can be debugged.
kernel.yama.ptrace_scope = 2: Only admin can use ptrace, as it required CAP_SYS_PTRACE capability.
kernel.yama.ptrace_scope = 3: No processes may be traced with ptrace. Once set, a reboot is needed to enable ptracing again.

=> 值 0 为所有进程启用 ptrace，而不是禁用它。

请注意，如果将此值更改为 2 或 3，则在重新启动时似乎会恢复为 0。您需要调整启动标志或找到其他解决方案（我尚未找到 - 如果找到解决方案，我会及时通知您，因为这涉及公共机器上的关键安全考虑）

在 Debian 上禁用 ptrace

答案1

答案2

相关内容