> Good to see that the technique is still viable after two decades.
It absolutely blew my mind to learn that Debian is still shipping with Yama mitigations disabled by default (last time I checked, which was about a year ago). I think they're one of the only mainstream distros to be doing this, although I haven't done a comprehensive survey.
I think this is so users can choose what level of restriction they want using kernel.yama.ptrace_scope with sysctl, 0 being the default and 2 being the most restrictive.
It absolutely blew my mind to learn that Debian is still shipping with Yama mitigations disabled by default (last time I checked, which was about a year ago). I think they're one of the only mainstream distros to be doing this, although I haven't done a comprehensive survey.