> The issue described in the article was fixed by requiring an absolute > path in core_pattern (If I understand it correctly). > > If core_pattern is unsafe, the process is not dumped at all (man 5 proc). > > The kernel commit adds a warning, because kernel was silently ignoring > crashes and no one could notice. If this is true, shouldn't we be safe to set the default to 2? Note also, that having suid_dumpable = 0 is sometimes blocking other security features in Fedora, for example sssd running as non-root by default - https://bugzilla.redhat.com/show_bug.cgi?id=1212503 Regards, /M > > > Regards, > Jakub > > On 02/12/2016 07:32 PM, Richard W.M. Jones wrote: -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
