summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2020-07-09 20:51:35 +0200
committerJonathan Corbet <corbet@lwn.net>2020-07-13 17:40:42 +0200
commit9d1bd9e8e028d1e1753120ba53d39fcdaeca6ea6 (patch)
treeb9bb8742764e39079739d9c9707c11cc9a1a7a13 /Documentation
parentDocumentation/security-bugs: Explain why plain text is preferred (diff)
downloadlinux-9d1bd9e8e028d1e1753120ba53d39fcdaeca6ea6.tar.xz
linux-9d1bd9e8e028d1e1753120ba53d39fcdaeca6ea6.zip
doc: yama: Swap HTTP for HTTPS and replace dead link
Replace one dead link for the same person's original presentation on the topic and swap an HTTP URL with HTTPS. While here, linkify the text to make it more readable when rendered. Link: https://lore.kernel.org/lkml/20200708073346.13177-1-grandmaster@al2klimov.de/ Co-developed-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/202007091141.C008B89EC@keescook Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/admin-guide/LSM/Yama.rst7
1 files changed, 4 insertions, 3 deletions
diff --git a/Documentation/admin-guide/LSM/Yama.rst b/Documentation/admin-guide/LSM/Yama.rst
index d0a060de3973..d9cd937ebd2d 100644
--- a/Documentation/admin-guide/LSM/Yama.rst
+++ b/Documentation/admin-guide/LSM/Yama.rst
@@ -19,9 +19,10 @@ attach to other running processes (e.g. Firefox, SSH sessions, GPG agent,
etc) to extract additional credentials and continue to expand the scope
of their attack without resorting to user-assisted phishing.
-This is not a theoretical problem. SSH session hijacking
-(http://www.storm.net.nz/projects/7) and arbitrary code injection
-(http://c-skills.blogspot.com/2007/05/injectso.html) attacks already
+This is not a theoretical problem. `SSH session hijacking
+<https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-boileau.pdf>`_
+and `arbitrary code injection
+<https://c-skills.blogspot.com/2007/05/injectso.html>`_ attacks already
exist and remain possible if ptrace is allowed to operate as before.
Since ptrace is not commonly used by non-developers and non-admins, system
builders should be allowed the option to disable this debugging system.