Document ptrace hardening

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Shawn Webb 2023-01-21 19:22:55 -05:00
parent 79469f4ffe
commit cfcdf7dd88

@ -124,6 +124,15 @@ HardenedBSD does not permit such behavior.
jemalloc in HardenedBSD has been set to zero new allocations by jemalloc in HardenedBSD has been set to zero new allocations by
default. default.
Process tracing (`ptrace`) is hardened:
* Process tracing facility itself is disabled by default
(`security.bsd.allow_ptrace=0`).
* Unpriviledged process debugging is prohibited by default
(`security.bsd.unprivileged_proc_debug=0`).
* Remote syscall functionality (`ptrace(PT_SC_REMOTE)`) is prohibited by
default.
## Modified sysctl Nodes ## Modified sysctl Nodes
These are the nodes that are modified from their original defaults These are the nodes that are modified from their original defaults
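Review bot: the second new bullet has a typo, "Unpriviledged" should read "Unprivileged", and since this is user-facing hardening documentation it is worth fixing before merge. Also, the new bullets introduce `security.bsd.allow_ptrace` and `security.bsd.unprivileged_proc_debug` with their HardenedBSD defaults, but the "Modified sysctl Nodes" section that follows (the list of nodes changed from their original defaults) is not touched in this hunk; either add both nodes there or confirm they are already listed, so the two sections stay consistent. The third bullet (`ptrace(PT_SC_REMOTE)`) names no sysctl at all; if a knob governs that behaviour, naming it here lets an administrator verify the setting with `sysctl` the same way as the other two.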