Roberto Ragusa wrote:
> Auditors are constantly proposing disabling features and making things
> inconvenient, undebuggable, inefficient and substantially annoying to
> operate.
>  
> They should instead learn some basic concepts of security.
> For example: if you are running a process, even in a VM or container, you
> have to trust the administrator of the host system. And that's it.

+1. Disabling important debugging tools in the name of "security" is a no 
go. Also goes for ptrace etc.

The worst invasive security nightmares actually come from the security folks 
themselves, e.g., auditd, which keeps a meticulous log of just about 
everything you do that the NSA (or other countries' equivalent) can 
conveniently read if they ever manage to compromise your computer. That 
contraption is one of the first things I disable on my computers!

        Kevin Kofler
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to