On Fri, Feb 12, 2016 at 10:32 AM, Richard W.M. Jones
<rjones(a)redhat.com> wrote:
> On Fri, Feb 12, 2016 at 07:24:06AM -0500, Jakub Filak wrote:
>> The default value 0 is there for a good security reason, but I would
>> like to propose changing the default value to 2 for development
>> Fedora releases (Alpha, Beta, Rawhide). In this case, the kernel would
>> send the core dump to ABRT (or systemd-coredump) and the ABRT record
>> would be accessible only to root.
> It seems like this would be unsafe if core_pattern is not a pipe or
> fully qualified path.
>
> Ref: https://lwn.net/Articles/503682/
>
> That's fine when ABRT is running, but would be unsafe if someone
> disabled ABRT by directly setting core_pattern (e.g. to "core.%p"), but
> forgot about suid_dumpable.
>
> The kernel does emit KERN_WARNING about this situation (upstream
> commit 54b501992dd2), but it's not clear if a sysadmin would notice.
>
> (I'm actually quite happy for the default to be changed as you
> suggest, but can see it's a bit of a minefield.)
We could change the kernel to add suid_dumpable == 3 which is like
suid_dumpable==2 but only if the core_pattern is a pipe.

I didn't know that 3 is supported for suid_dumpable.
The value of 3 is not documented [1] and I can't find it in the source
code [2].

Regards,
Jakub
1:
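
Added example, not part of the original message or of any project's code: a shell check for the combination discussed in the thread, where suid_dumpable is 2 but core_pattern is neither a pipe nor a fully qualified path. The function name, the verdict strings and the sample patterns in the comments are assumptions made for this illustration.

```shell
#!/bin/sh
# Audit the fs.suid_dumpable / kernel.core_pattern combination.

# classify_coredump_config SUID_DUMPABLE CORE_PATTERN
# Prints one verdict word and always returns 0:
#   ok-disabled      suid_dumpable=0, setuid programs are not dumped
#   review-debug     suid_dumpable=1, debug mode, dumps setuid programs
#   ok-pipe          suid_dumpable=2 and the pattern pipes to a handler
#   ok-absolute      suid_dumpable=2 and the pattern is a full path
#   unsafe-relative  suid_dumpable=2 with any other pattern (e.g. core.%p)
#   unknown          value not covered above
classify_coredump_config() {
    dumpable=$1
    pattern=$2
    case $dumpable in
        0) echo "ok-disabled" ;;
        1) echo "review-debug" ;;
        2)
            case $pattern in
                "|"*) echo "ok-pipe" ;;
                /*)   echo "ok-absolute" ;;
                *)    echo "unsafe-relative" ;;
            esac
            ;;
        *) echo "unknown" ;;
    esac
}

# audit_live: classify the running system's settings.
# Returns 1 on the unsafe combination, 2 if /proc cannot be read.
audit_live() {
    live_dumpable=$(cat /proc/sys/fs/suid_dumpable) || return 2
    live_pattern=$(cat /proc/sys/kernel/core_pattern) || return 2
    verdict=$(classify_coredump_config "$live_dumpable" "$live_pattern")
    echo "suid_dumpable=$live_dumpable core_pattern=$live_pattern -> $verdict"
    [ "$verdict" != "unsafe-relative" ]
}

# Run against the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it with `--live` from a configuration-management job or a boot-time unit so the unsafe combination fails a check instead of relying on someone reading the kernel log.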