summaryrefslogtreecommitdiffstats
path: root/releasenotes
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-04-05 14:23:49 +0000
committerGerrit Code Review <review@openstack.org>2017-04-05 14:23:49 +0000
commit963d4a6954ea6b5c25706b082748550d3f647140 (patch)
tree976c0fd4821b8171771e99615d875f6d58031c15 /releasenotes
parent29faa38ddca3a91d6944bdda8daceda4dde2b128 (diff)
parent4483378fec94ab3af9ad12e66bc6bc8697a673c6 (diff)
Merge "Disable core dump for setuid programs"
Diffstat (limited to 'releasenotes')
-rw-r--r--releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml12
1 files changed, 12 insertions, 0 deletions
diff --git a/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml b/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml
new file mode 100644
index 00000000..3168a549
--- /dev/null
+++ b/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ The fs.suid_dumpable kernel parameter is now explicitly set to 0 to prevent
+ exposing sensitive data through core dumps of processes with elevated
+ permissions. Deployments that set or depend on non-zero values for
+ fs.suid_dumpable may be affected by upgrading.
+security:
+ - |
+ Explicitly disable core dump for setuid programs by setting
+ fs.suid_dumpable = 0, this will descrease the risk of unauthorized access
+ of core dump file generated by setuid program.