Description
Multiple Linux kernel local privilege escalation vulnerabilities have been found recently in a very short time window. One of them is ssh-keysign-pwn, involving a vulnerability in ptrace. This increased pace of AI-aided vulnerability discovery is only expected to increase. We've probably not seen the last of ptrace-related vulnerabilities.
Solution
Add a control that checks that ptrace is either disabled or admin-only (kernel.yama.ptrace_scope >= 2).
This will not be suitable for development servers, but most servers are not for development, so it can be argued that it's reasonable for this control to be in the baseline.
Alternatives
No response
Additional information
No response
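One way the proposed control could be checked, as an added example that is not part of the original request or of the project's code. The function names and the optional `root` prefix argument (for auditing a mounted image or a test fixture) are assumptions, and the persisted check conservatively takes the lowest value set in any sysctl file instead of reproducing sysctl load order.

```shell
#!/bin/sh
# Added example: audit kernel.yama.ptrace_scope against a baseline of >= 2.
# Yama values: 0 = classic ptrace, 1 = restricted (descendants only),
#              2 = admin-only (CAP_SYS_PTRACE), 3 = no attach at all.

# Print the runtime value, or "absent" when the Yama LSM is not available.
ptrace_scope_runtime() {
    f="${1:-}/proc/sys/kernel/yama/ptrace_scope"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo absent; fi
}

# Print the lowest value any sysctl config file sets (empty if none does).
# A single file lowering the value is enough to flag the host for review.
ptrace_scope_persisted() {
    root="${1:-}"
    cat "$root"/etc/sysctl.conf "$root"/etc/sysctl.d/*.conf \
        "$root"/usr/lib/sysctl.d/*.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        sort -n | head -n 1
}

# Return 0 only if both the running kernel and the persisted config comply.
check_ptrace_scope() {
    rt=$(ptrace_scope_runtime "${1:-}")
    ps=$(ptrace_scope_persisted "${1:-}")
    rc=0
    case "$rt" in
        [23])   echo "PASS runtime: ptrace_scope=$rt" ;;
        absent) echo "FAIL runtime: Yama not available, ptrace_scope cannot be enforced"; rc=1 ;;
        *)      echo "FAIL runtime: ptrace_scope=$rt (want >= 2)"; rc=1 ;;
    esac
    case "$ps" in
        [23]) echo "PASS persisted: lowest configured value is $ps" ;;
        "")   echo "FAIL persisted: not set in sysctl config, will not survive reboot"; rc=1 ;;
        *)    echo "FAIL persisted: a sysctl file sets ptrace_scope=$ps (want >= 2)"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and call `check_ptrace_scope` with no argument to audit the running host.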