Monday 06 July 2026 19:07:46 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

kernel.yama.ptrace_scope

A Linux setting that restricts ptrace behavior to reduce local attack surface.

kernel.yama.ptrace_scope is a Linux kernel setting, exposed through the Yama security module, that limits how ptrace can be used between processes. ptrace is a powerful debugging interface that can inspect registers and memory, so unrestricted access can expose passwords, tokens, and other secrets in process memory.

For defenders, increasing ptrace_scope reduces the local attack surface by blocking or narrowing cross-process tracing, especially between unrelated users. This can make privilege escalation and secret theft harder after an initial foothold. In real attacks, adversaries may try to abuse weak ptrace permissions or a kernel permission bug to read data from privileged processes. It is a useful hardening control, but not a substitute for patching the kernel or removing unnecessary setuid-root helpers. Higher values can also break debuggers and observability tools, so changes should be tested carefully.

← WIKICROOK index