Merge "Disable core dump for setuid programs"

author: Jenkins <jenkins@review.openstack.org> 2017-04-05 14:23:49 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-04-05 14:23:49 +0000
commit: 963d4a6954ea6b5c25706b082748550d3f647140 (patch)
tree: 976c0fd4821b8171771e99615d875f6d58031c15 /releasenotes
parent: 29faa38ddca3a91d6944bdda8daceda4dde2b128 (diff)
parent: 4483378fec94ab3af9ad12e66bc6bc8697a673c6 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml b/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml
new file mode 100644
index 00000000..3168a549
--- /dev/null
+++ b/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    The fs.suid_dumpable kernel parameter is now explicitly set to 0 to prevent
+    exposing sensitive data through core dumps of processes with elevated
+    permissions. Deployments that set or depend on non-zero values for
+    fs.suid_dumpable may be affected by upgrading.
+security:
+  - |
+    Explicitly disable core dump for setuid programs by setting
+    fs.suid_dumpable = 0, this will descrease the risk of unauthorized access
+    of core dump file generated by setuid program.
author	Jenkins <jenkins@review.openstack.org>	2017-04-05 14:23:49 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-04-05 14:23:49 +0000
commit	963d4a6954ea6b5c25706b082748550d3f647140 (patch)
tree	976c0fd4821b8171771e99615d875f6d58031c15 /releasenotes
parent	29faa38ddca3a91d6944bdda8daceda4dde2b128 (diff)
parent	4483378fec94ab3af9ad12e66bc6bc8697a673c6 (diff)