From: Joe Orton <jorton@apache.org>
Date: Tue, 16 Apr 2019 07:54:27 +0000 (+0000)
Subject: Add security note on CoreDumpDirectory for Linux.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~2071
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9227bee96c22aba74400e8c11af2600512f5d7cd;p=thirdparty%2Fapache%2Fhttpd.git

Add security note on CoreDumpDirectory for Linux.

Reviewed by: icing, elukey


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1857626 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mpm_common.xml b/docs/manual/mod/mpm_common.xml
index 682caf14b01..6f755233f69 100644
--- a/docs/manual/mod/mpm_common.xml
+++ b/docs/manual/mod/mpm_common.xml
@@ -50,6 +50,17 @@ switch before dumping core</description>
     operating system is not configured to write core files to the working directory
     of the crashing processes.</p>
 
+    <note type="warning">
+      <title>Security note for Linux systems</title>
+
+      <p>Using this directive on Linux may allow other processes on
+      the system (if running with similar privileges, such as CGI
+      scripts) to attach to httpd children via the <code>ptrace</code>
+      system call.  This may make weaken the protection from certain
+      security attacks.  It is not recommended to use this directive
+      on production systems.</p>
+    </note>
+    
     <note><title>Core Dumps on Linux</title>
       <p>If Apache httpd starts as root and switches to another user, the
       Linux kernel <em>disables</em> core dumps even if the directory is