On Fri, Feb 12, 2016 at 07:24:06AM -0500, Jakub Filak wrote:
> The default value 0 is there for good security reason, but I would
> like to propose changing the default value to 2 for development
> Fedora releases (Alpha, Beta, Rawhide). In this case, kernel would
> send core dump to ABRT (or systemd-coredump) and the ABRT record
> would be accessible only to root.

It seems like this would be unsafe if core_pattern is not a pipe or
fully qualified path. Ref: https://lwn.net/Articles/503682/

That's fine when ABRT is running, but would be unsafe if someone
disabled ABRT by directly setting core_pattern (eg. to "core.%p"), but
forgot about suid_dumpable.

The kernel does emit KERN_WARNING about this situation (upstream
commit 54b501992dd2), but it's not clear if a sysadmin would notice.

(I'm actually quite happy for the default to be changed as you
suggest, but can see it's a bit of a minefield.)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
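The combination described in the reply above can be checked on a host with a short script. This is an added example, not part of the original message or of ABRT; the function names `classify_dump_config` and `audit_live` and the sample pairs are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.

# classify_dump_config SUID_DUMPABLE CORE_PATTERN
# Returns 0 = acceptable, 1 = flagged, 2 = unrecognised suid_dumpable value.
classify_dump_config() {
    mode=$1
    pattern=$2
    case "$mode" in
        0) echo "ok: suid_dumpable=0, setuid processes are not dumped"; return 0 ;;
        1) echo "flag: suid_dumpable=1 is the debug setting, dumps get no protection"; return 1 ;;
        2) ;;  # suidsafe: verdict depends on core_pattern, checked below
        *) echo "error: unrecognised suid_dumpable value '$mode'"; return 2 ;;
    esac
    case "$pattern" in
        "|"*) echo "ok: suid_dumpable=2 and core_pattern pipes to a helper"; return 0 ;;
        /*)   echo "ok: suid_dumpable=2 and core_pattern is a fully qualified path"; return 0 ;;
        *)    echo "flag: suid_dumpable=2 but core_pattern is neither a pipe nor a fully qualified path"; return 1 ;;
    esac
}

# Check the running system; skipped where the sysctl files are not readable.
audit_live() {
    if [ -r /proc/sys/fs/suid_dumpable ] && [ -r /proc/sys/kernel/core_pattern ]; then
        classify_dump_config "$(cat /proc/sys/fs/suid_dumpable)" \
                             "$(cat /proc/sys/kernel/core_pattern)"
    else
        echo "skip: sysctl files not readable"
    fi
}

# Constructed sample pairs (mode:pattern), not taken from a real host.
for pair in '0:core' '2:|/usr/lib/systemd/systemd-coredump %P' \
            '2:/var/crash/core.%p' '2:core.%p'; do
    printf '%-45s ' "$pair"
    classify_dump_config "${pair%%:*}" "${pair#*:}" || true
done
printf '%-45s ' "live system"
audit_live || true
```

Run periodically or from configuration management, a check like this catches the case where core_pattern was changed by hand and the kernel warning went unread.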