
It would also be proper to disable non-root access to /proc, among other things. You can do that by simply mounting with hidepid=2 or adding it to fstab.



Why? Disabling access to /proc will disable a huge number of useful features, such as the ability of a process to monitor and manage its memory usage, to debug itself, and so forth.


For example, /proc/self/pagemap can be used for rowhammer attacks.

Source: Another flip in the wall of rowhammer defenses (IEEE S&P 2018)


Interesting. I have never read that anywhere. I will research. TY!
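The `hidepid=2` setting from the first comment can be checked rather than assumed. This added example (not from the thread) reads a mount table in `/proc/mounts` or `/etc/fstab` format on stdin and reports the hidepid value of each procfs entry; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Audit procfs entries for the hidepid mount option.
# Input format (stdin): device mountpoint fstype options dump pass

# proc_hidepid: print "<mountpoint> <value>" for every procfs entry.
# The value is "unset" when the option is absent (kernel default, hidepid=0).
proc_hidepid() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $3 == "proc" {
            val = "unset"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) val = substr(opts[i], 9)
            print $2, val
        }
    '
}

# proc_hardened: succeed only if at least one procfs entry exists and every
# entry uses hidepid=2. Kernels from 5.8 on report the same level by name
# as "invisible", so that spelling is accepted too.
proc_hardened() {
    out=$(proc_hidepid)
    [ -n "$out" ] || return 1
    echo "$out" | awk '$2 != "2" && $2 != "invisible" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample lines: an fstab entry with the option set, and a
# default procfs entry as it would appear in /proc/mounts.
SAMPLE_FSTAB='proc /proc proc defaults,hidepid=2 0 0'
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

printf '%s\n' "$SAMPLE_FSTAB"   | proc_hidepid
printf '%s\n' "$SAMPLE_DEFAULT" | proc_hidepid

# On a live system: proc_hardened < /proc/mounts && echo "hidepid=2 active"
```

Checking `/proc/mounts` as well as `/etc/fstab` matters because the fstab entry only takes effect after a remount or reboot.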



