# The ptrace system call is used for interprocess services,
# communication and introspection (like synchronisation, signaling,
# debugging, tracing and profiling) of processes.
#
# Usage of ptrace is restricted by normal user permissions. Normal
# unprivileged processes cannot use ptrace on processes that they
# cannot send signals to or processes that are running set-uid or
# set-gid. Nevertheless, processes running under the same uid will
# usually be able to ptrace one another.
#
# Fedora enables the Yama security mechanism which restricts ptrace
# even further. Sysctl setting kernel.yama.ptrace_scope can have one
# of the following values:
#
# 0 - Normal ptrace security permissions.
# 1 - Restricted ptrace. Only child processes plus normal permissions.
# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
# 3 - No attach. No process may call ptrace at all. Irrevocable.
#
# For more information see Documentation/security/Yama.txt in the
# kernel sources.
#
# The default is 1, which allows tracing of child processes, but
# forbids tracing of arbitrary processes. This allows programs like
# gdb or strace to work when the most common way of having the
# debugger start the debuggee is used:
#     gdb /path/to/program ...
# Attaching to already running programs is NOT allowed:
#     gdb -p ...
# This default setting is suitable for the common case, because it
# reduces the risk that one hacked process can be used to attack other
# processes. (For example, a hacked firefox process in a user session
# will not be able to ptrace the keyring process and extract passwords
# stored only in memory.)
#
# Developers and administrators might want to disable those protections
# to be able to attach debuggers to existing processes. Use
#     sysctl kernel.yama.ptrace_scope=0
# to change the setting temporarily, or copy this file to
# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.

kernel.yama.ptrace_scope = 0
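
A defender-side check for the setting this file changes, as an added example that is not part of the systemd documentation file: it reports when a sysctl drop-in or the running kernel has `kernel.yama.ptrace_scope` at 0. The function names and the single-directory model are assumptions of the example; systemd-sysctl also merges drop-ins from /run/sysctl.d and /usr/lib/sysctl.d.

```sh
#!/bin/sh
# Added example: audit sysctl drop-ins for a weakened Yama ptrace_scope.
# Assumption: one drop-in directory, files applied in lexical order, last
# assignment wins. systemd-sysctl also merges /run and /usr/lib directories.

# effective_ptrace_scope DIR -> prints "VALUE FILE" for the winning assignment
effective_ptrace_scope() {
    dir=$1; value=; src=
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        v=$(awk -F= '
            /^[ \t]*[#;]/ { next }                       # skip comment lines
            { key = $1; gsub(/[ \t]/, "", key)
              sub(/^-/, "", key); gsub("/", ".", key) }  # "-" prefix, a/b form
            key == "kernel.yama.ptrace_scope" { last = $2; gsub(/[ \t]/, "", last) }
            END { if (last != "") print last }' "$f")
        if [ -n "$v" ]; then value=$v; src=$f; fi
    done
    if [ -n "$value" ]; then printf '%s %s\n' "$value" "$src"; fi
}

# audit_ptrace_scope DIR [RUNTIME_FILE] -> returns 1 if scope 0 is configured or running
audit_ptrace_scope() {
    conf=$(effective_ptrace_scope "$1")
    run=$(cat "${2:-/proc/sys/kernel/yama/ptrace_scope}" 2>/dev/null || true)
    rc=0
    if [ "${conf%% *}" = 0 ]; then
        echo "WEAKENED at boot: ${conf#* } sets kernel.yama.ptrace_scope = 0"; rc=1
    fi
    if [ "$run" = 0 ]; then
        echo "WEAKENED now: running value is 0 (same-uid attach allowed)"; rc=1
    fi
    if [ -n "$conf" ] && [ -n "$run" ] && [ "${conf%% *}" != "$run" ]; then
        echo "DRIFT: configured ${conf%% *}, running $run"
    fi
    return $rc
}

# Run against a directory given on the command line, e.g. /etc/sysctl.d
if [ "$#" -gt 0 ]; then audit_ptrace_scope "$@"; fi
```

A DRIFT line with a configured value of 0 and a running value of 1 or higher means the drop-in will take effect at the next boot or the next `sysctl --system`.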