Re: Fwd: Use suid_dumpable=2 for development releases

On Fri, Feb 12, 2016 at 10:32 AM, Richard W.M. Jones <rjones(a)redhat.com&gt; wrote: > On Fri, Feb 12, 2016 at 07:24:06AM -0500, Jakub Filak wrote: >> The default value 0 is there for good security reason, but I would >> like to propose changing the default value to 2 for development >> Fedora releases (Alpha, Beta, Rawhide). In this case, kernel would >> send core dump to ABRT (or systemd-coredump) and the ABRT record >> would be accessible only to root. > It seems like this would be unsafe if core_pattern is not a pipe or > fully qualified path. > > Ref: https://lwn.net/Articles/503682/ > > That's fine when ABRT is running, but would be unsafe if someone > disabled ABRT by directly setting core_pattern (eg. to "core.%p"), but > forgot about suid_dumpable. > > The kernel does emit KERN_WARNING about this situation (upstream > commit 54b501992dd2), but it's not clear if a sysadmin would notice. > > (I'm actually quite happy for the default to be changed as you > suggest, but can see it's a bit of a minefield.) We could change the kernel to add suid_dumpable == 3 which is like suid_dumpable==2 but only if the core_pattern is a pipe.