On 02/12/2016 07:57 PM, Andrew Lutomirski wrote:
On Fri, Feb 12, 2016 at 10:32 AM, Richard W.M. Jones wrote:
On Fri, Feb 12, 2016 at 07:24:06AM -0500, Jakub Filak wrote:
The default value 0 is there for a good security reason, but I would
like to propose changing the default value to 2 for dev
wrote:
>>
>> - Forwarded Message -
>> From: "Jakub Filak" <jfi...@redhat.com>
>> To: secur...@lists.fedoraproject.org
>> Sent: Thursday, February 11, 2016 9:51:04 AM
>> Subject: Use
>
>
> Regards,
> Jakub
>
>
> On 02/12/2016 01:24 PM, Jakub Filak wrote:
>>
>> - Forwarded Message -
>> From: "Jakub Filak"
>> To: secur...@lists.fedoraproject.org
>> Sent: Thursday, February 11, 2016 9:51:04 AM
>> Subject: Use
From: "Jakub Filak"
To: secur...@lists.fedoraproject.org
Sent: Thursday, February 11, 2016 9:51:04 AM
Subject: Use suid_dumpable=2 for development releases
Hello,
As a maintainer of ABRT, I have been asked several times why ABRT does not catch
crashes of many processes and one
I'm not a security expert but I would rather start with something
less ambitious and more secure. Just for sure.
Regards,
Jakub
On 02/15/2016 11:22 AM, Miroslav Vadkerti wrote:
The issue described in the article was fixed by requiring an absolute
path in core_pattern (If I understand it corre
On Mon, 15 Feb 2016 07:00:36 +0100, Jakub Filak wrote:
> On 02/12/2016 07:57 PM, Andrew Lutomirski wrote:
> > We could change the kernel to add suid_dumpable == 3 which is like
> > suid_dumpable==2 but only if the core_pattern is a pipe.
> >
> I didn't know that 3 is supported for suid_dumpable.
> The issue described in the article was fixed by requiring an absolute
> path in core_pattern (If I understand it correctly).
>
> If core_pattern is unsafe, the process is not dumped at all (man 5 proc).
>
> The kernel commit adds a warning, because the kernel was silently ignoring
> crashes and no
The issue described in the article was fixed by requiring an absolute
path in core_pattern (If I understand it correctly).
If core_pattern is unsafe, the process is not dumped at all (man 5 proc).
The kernel commit adds a warning, because the kernel was silently ignoring
crashes and no one could no
On Fri, Feb 12, 2016 at 10:32 AM, Richard W.M. Jones wrote:
> On Fri, Feb 12, 2016 at 07:24:06AM -0500, Jakub Filak wrote:
>> The default value 0 is there for a good security reason, but I would
>> like to propose changing the default value to 2 for development
>> Fedora releases (Alpha, Beta, Rawhi
On Fri, Feb 12, 2016 at 07:24:06AM -0500, Jakub Filak wrote:
> The default value 0 is there for a good security reason, but I would
> like to propose changing the default value to 2 for development
> Fedora releases (Alpha, Beta, Rawhide). In this case, kernel would
> send core dump to ABRT (or syste
On Fri, Feb 12, 2016 at 12:40:37PM +, Tom Hughes wrote:
> On 12/02/16 12:24, Jakub Filak wrote:
> >I believe that maintainers of packages like chrony will be really delighted
> >with this change, while it will not weaken the security of Fedora for regular users.
>
> What part of chrony is setuid? I d
On 12/02/16 12:24, Jakub Filak wrote:
As a maintainer of ABRT, I have been asked several times why ABRT does not catch
crashes of many processes and one kind of reason dominates among other reasons
- processes that execute set-user-ID programs (man 5 core). These processes
are not dumped at all
- Forwarded Message -
From: "Jakub Filak"
To: secur...@lists.fedoraproject.org
Sent: Thursday, February 11, 2016 9:51:04 AM
Subject: Use suid_dumpable=2 for development releases
Hello,
As a maintainer of ABRT, I have been asked several times why ABRT does not catch
crash