I'm not a security expert, but I would rather start with something
less ambitious and more secure. Just to be sure.


Regards,
Jakub


On 02/15/2016 11:22 AM, Miroslav Vadkerti wrote:
The issue described in the article was fixed by requiring an absolute
path in core_pattern (If I understand it correctly).

If core_pattern is unsafe, the process is not dumped at all (man 5 proc).

The kernel commit adds a warning, because the kernel was silently ignoring
crashes and no one could notice.
If this is true, shouldn't we be safe to set the default to 2?

Note also that having suid_dumpable = 0 is sometimes blocking other security
features in Fedora, for example sssd running as non-root by default -
https://bugzilla.redhat.com/show_bug.cgi?id=1212503

Regards,
/M


Regards,
Jakub

On 02/12/2016 07:32 PM, Richard W.M. Jones wrote:
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
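
An added example, not part of the original thread: a small audit of the fs.suid_dumpable / kernel.core_pattern pairing discussed above, following the rule in proc(5) that with suid_dumpable = 2 the core_pattern must be an absolute path or a pipe, otherwise no dump is produced. The function names, the sample sysctl text and the handler path are constructed for illustration.

```python
# Added example: audit fs.suid_dumpable against kernel.core_pattern.
# Function names and sample values are hypothetical, not from the thread.

def parse_sysctl(text):
    """Parse sysctl.conf-style 'key = value' lines; a later line wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit_dump_policy(settings):
    """Return (verdict, reason) for privileged-process core dumps."""
    mode = settings.get("fs.suid_dumpable", "0")           # kernel default
    pattern = settings.get("kernel.core_pattern", "core")  # kernel default
    if mode == "0":
        return ("no-dump", "setuid/privilege-changing processes are never dumped")
    if mode == "1":
        return ("unsafe", "debug mode: dumps written with no security applied")
    if mode == "2":
        if pattern.startswith("|"):
            return ("ok", "dump is piped to a user-space handler")
        if pattern.startswith("/"):
            return ("ok", "dump goes to an absolute path, readable by root only")
        return ("misconfigured",
                "relative core_pattern: kernel logs a warning and skips the dump")
    return ("invalid", "fs.suid_dumpable must be 0, 1 or 2")

# Constructed sample: suidsafe mode first paired with a relative pattern,
# then overridden by a pipe to a hypothetical handler.
SAMPLE_RELATIVE = """
# constructed sample
fs.suid_dumpable = 2
kernel.core_pattern = core.%p
"""
SAMPLE_PIPED = SAMPLE_RELATIVE + "kernel.core_pattern = |/usr/libexec/example-handler %p\n"

if __name__ == "__main__":
    for name, text in (("relative", SAMPLE_RELATIVE), ("piped", SAMPLE_PIPED)):
        verdict, reason = audit_dump_policy(parse_sysctl(text))
        print(f"{name}: {verdict} ({reason})")
```

On a live system the two values can be read with `sysctl -n fs.suid_dumpable kernel.core_pattern` and passed in as a dictionary.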