Re: Fwd: Use suid_dumpable=2 for development releases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm not a security expert but I would rather start with something
less ambitious and more secure. Just for sure.


Regards,
Jakub


On 02/15/2016 11:22 AM, Miroslav Vadkerti wrote:

The issue described in the article was fixed by requiring an absolute
path in core_pattern (If I understand it correctly).

If core_pattern is unsafe, the process is not dumped at all  (man 5 proc).

The kernel commit adds a warning, because kernel was silently ignoring
crashes and no one could notice.

If this is true, shouldn't we be safe to set the default to 2?

Note also, that having suid_dumpable = 0 is sometimes blocking other security features in Fedora, for example sssd running as non-root by default - https://bugzilla.redhat.com/show_bug.cgi?id=1212503

Regards,
/M



Regards,
Jakub

On 02/12/2016 07:32 PM, Richard W.M. Jones wrote:

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux