Disable core dump for setuid programs
author zshi <zshi@redhat.com>
Tue, 28 Mar 2017 06:18:52 +0000 (14:18 +0800)
committer zshi <zshi@redhat.com>
Tue, 28 Mar 2017 06:18:52 +0000 (14:18 +0800)
commit 4483378fec94ab3af9ad12e66bc6bc8697a673c6
tree 189c8f369d66db290d6a72115f7ad214e2646601
parent 0e76a20cae6008ae5cf13e7a1d87de154f6e0c40
Disable core dump for setuid programs

The core dump of a setuid program is more likely
to contain sensitive data, as the program itself
runs with greater privileges than the user who
initiated execution of the program. Disabling the
ability for any setuid program to write a core
file decreases the risk of unauthorized access of
such data.

This change sets core dump for setuid programs
to '0'.

Change-Id: Ib05d993c1bb59b59c784e438f805733f636c743d
Signed-off-by: zshi <zshi@redhat.com>
puppet/services/kernel.yaml
releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml [new file with mode: 0644]
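
A check for the setting the commit message describes, as an added example that is not part of this commit or of the project's code. It assumes the setting is the Linux sysctl `fs.suid_dumpable` and that configuration lives in sysctl.d-style files where the last assignment wins; the file names and contents are constructed sample input.

```shell
# Added example (not from the commit). Assumes the setting in question is the
# kernel sysctl fs.suid_dumpable, configured through sysctl.d-style files.

# Print the last value assigned to fs.suid_dumpable in the given files, in the
# order given (simplified "last assignment wins"), or "unset" if none is found.
# Accepts "key = value" and "key=value", the dotted or slash key form, a
# leading "-" on the key, and skips # and ; comment lines.
effective_suid_dumpable() {
    awk '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/^-/, "", key)
            gsub(/\//, ".", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "fs.suid_dumpable") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$@"
}

# Return 0 only when the effective value is 0 (setuid programs never dump
# core). Values 1 and 2 both allow a dump to be produced.
check_suid_dumpable() {
    value=$(effective_suid_dumpable "$@")
    case "$value" in
        0)     echo "OK: fs.suid_dumpable=0"; return 0 ;;
        unset) echo "WARN: fs.suid_dumpable not pinned in these files"; return 1 ;;
        *)     echo "FAIL: fs.suid_dumpable=$value"; return 1 ;;
    esac
}

# Constructed sample input: a vendor file enabling dumps, overridden later.
write_samples() {
    printf '# vendor default (constructed)\nfs.suid_dumpable = 2\n' > "$1/10-vendor.conf"
    printf 'kernel.core_pattern = core\nfs/suid_dumpable=0\n' > "$1/99-hardening.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
check_suid_dumpable "$dir/10-vendor.conf" "$dir/99-hardening.conf" || true
check_suid_dumpable "$dir/10-vendor.conf" || true
rm -rf "$dir"
```

The value the running kernel actually uses can be read from `/proc/sys/fs/suid_dumpable` and compared with what the files specify.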