mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-11-26 00:18:24 -05:00
24 lines
1.1 KiB
Text
24 lines
1.1 KiB
Text
## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## Definitions:
|
|
## KSPP=yes: compliant with recommendations by the KSPP
|
|
## KSPP=partial: partially compliant with recommendations by the KSPP
|
|
## KSPP=no: not (currently) compliant with recommendations by the KSPP
|
|
## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
|
|
|
|
## Diable the usage of the ptrace() system call by all processes.
|
|
## Restrict ptrace() as it enables programs to inspect and modify other active processes.
|
|
## Prevents native code debugging which some programs use as a method to detect tampering.
|
|
## May cause breakages in 'anti-cheat' software and programs running under Proton/WINE.
|
|
##
|
|
## https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html#ptrace-scope
|
|
## https://en.wikipedia.org/wiki/Ptrace
|
|
## https://grapheneos.org/features#attack-surface-reduction
|
|
## https://github.com/GrapheneOS/os-issue-tracker/issues/651#issuecomment-917599928
|
|
## https://github.com/netblue30/firejail/issues/2860
|
|
##
|
|
## KSPP=yes
|
|
## KSPP sets the sysctl.
|
|
##
|
|
kernel.yama.ptrace_scope=3
|