The issue described in the article was fixed by requiring an
absolute
path in core_pattern (If I understand it correctly).
If core_pattern is unsafe, the process is not dumped at all (man 5 proc).
The kernel commit adds a warning, because kernel was silently ignoring
crashes and no one could notice.
If this is true, shouldn't we be safe to set the default to 2?
Note also, that having suid_dumpable = 0 is sometimes blocking other security features in
Fedora, for example sssd running as non-root by default -
https://bugzilla.redhat.com/show_bug.cgi?id=1212503
Regards,
/M
>
>
> Regards,
> Jakub
>
> On 02/12/2016 07:32 PM, Richard W.M. Jones wrote: