I'm not a security expert but I would rather start with something
less ambitious and more secure. Just for sure.
Regards,
Jakub
On 02/15/2016 11:22 AM, Miroslav Vadkerti wrote:
> The issue described in the article was fixed by requiring an
absolute
> path in core_pattern (If I understand it correctly).
>
> If core_pattern is unsafe, the process is not dumped at all (man 5 proc).
>
> The kernel commit adds a warning, because kernel was silently ignoring
> crashes and no one could notice.
If this is true, shouldn't we be safe to set the default to 2?
Note also, that having suid_dumpable = 0 is sometimes blocking other security features in
Fedora, for example sssd running as non-root by default -
https://bugzilla.redhat.com/show_bug.cgi?id=1212503
Regards,
/M
>
> Regards,
> Jakub
>
> On 02/12/2016 07:32 PM, Richard W.M. Jones wrote:
--
devel mailing list
devel(a)lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org