I just found out that ptrace protections can actually be disabled without a reboot, so that makes things less bad.
Hm, that only works if the kernel is not locked, which it is by default if you use the ASL kernel (ALLOW_kmod_loading="no" in /etc/asl/config, you can find the current lock setting in /proc/sys/kernel/grsecurity/grsec_lock (1 means enabled, 0 means disabled)).
I thought I would only temporarily disable ptrace protections when access to the Plesk License Manager page is required, but since I don't like to reboot production servers for that, the only way to achieve that is to not lock the kernel.
What do you recommend?
1. Locked kernel with ptrace protections disabled (always allowing access to the Plesk License Manager page).
2. Unlocked kernel with ptrace protections enabled (allowing for temporarily disabling ptrace protections when needed).
I guess allowing kernel module loading and modifying kernel settings is a bigger security risk than not having ptrace protections enabled, right?
Is anyone able to use the Plesk License Manager page of any version of Plesk while having ptrace protections enabled? If so, what version of Plesk?