]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f9d29f6) | patch
sysctl: enable coredump for suid binaries
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 3 Apr 2020 20:05:25 +0000 (22:05 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 7 Apr 2020 13:28:46 +0000 (15:28 +0200)
commit6635f57d3eeb16051b00ba331da3c8d4f7e578da
tree44620aabcf0534f562aa33a6ec5dfa21e5f4c784tree | snapshot
parentf9d29f6d06058104ac88431495b36bc5edc45843commit | diff
sysctl: enable coredump for suid binaries

Right now the kernel will not dump anything that went through setuid or
setgid. But it is routine for daemons to do that, and it makes things hard to
debug.

systemd-coredump saves the coredump readable by the users the process was
running as. This should be enough to avoid information leakage. So let's also
tell the kernel to do the coredump.

For https://bugzilla.redhat.com/show_bug.cgi?id=1790972.

Both patterns are stored in the same file, so they are enabled or disabled
together. (Though suid_dumpable=2 is supposed to be safe even when writing to
plain files.)
NEWS diff | blob | blame | history
sysctl.d/50-coredump.conf.in diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.