BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.all-systems-go.io//all-systems-go-2024//VQFUY3
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-all-systems-go-2024-9UVMR7@cfp.all-systems-go.io
DTSTART;TZID=CET:20240925T115500
DTEND;TZID=CET:20240925T123500
DESCRIPTION:There is a well-known trade-off between security lockdowns and
  a user's ability to\ndebug/inspect a system. The Linux kernel is finally
  fixing an old proc/mem security\nbug which illustrates this trade-off
  nicely. The kernel will provide a mechanism\,\nso distros need to
  implement a policy according to their own security needs\, to\nrestrict
  proc/mem access (it gives userspace RW access to processes' memory).\n
 \nThis talk goes into the what\, why and how of getting this bug fixed\,
  with some policies\nfor plugging the long-standing hole for different
  use-cases\, without breaking\ndebuggers or container supervisors.
DTSTAMP:20260315T024408Z
LOCATION:Dome
SUMMARY:Fixing an old Linux process memory security bug - Adrian Ratiu
URL:https://cfp.all-systems-go.io/all-systems-go-2024/talk/9UVMR7/
END:VEVENT
END:VCALENDAR
