o Update an instance of 'unprivileged_procdebug_permitted' missed
in the previous commit: the comment should also call it 'unprivileged_proc_debug'.
This commit is contained in:
parent
8694133670
commit
fb311b7cce
@ -1464,12 +1464,12 @@ p_cansched(struct proc *p1, struct proc *p2)
|
||||
}
|
||||
|
||||
/*
|
||||
* The 'unprivileged_procdebug_permitted' flag may be used to disable
|
||||
* a variety of unprivileged inter-process debugging services, including
|
||||
* some procfs functionality, ptrace(), and ktrace(). In the past,
|
||||
* inter-process debugging has been involved in a variety of security
|
||||
* problems, and sites not requiring the service might choose to disable it
|
||||
* when hardening systems.
|
||||
* The 'unprivileged_proc_debug' flag may be used to disable a variety of
|
||||
* unprivileged inter-process debugging services, including some procfs
|
||||
* functionality, ptrace(), and ktrace(). In the past, inter-process
|
||||
* debugging has been involved in a variety of security problems, and sites
|
||||
* not requiring the service might choose to disable it when hardening
|
||||
* systems.
|
||||
*
|
||||
* XXX: Should modifying and reading this variable require locking?
|
||||
* XXX: data declarations should be together near the beginning of the file.
|
||||
|
Loading…
Reference in New Issue
Block a user