aboutsummaryrefslogtreecommitdiffstats
path: root/releasenotes/notes/disable-core-dump-for-setuid-programs-e83a2a5da908b9c3.yaml
blob: 3168a549c5d08abc87432dd5af307bad4b58011f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
---
upgrade:
  - |
    The fs.suid_dumpable kernel parameter is now explicitly set to 0 to prevent
    exposing sensitive data through core dumps of processes with elevated
    permissions. Deployments that set or depend on non-zero values for
    fs.suid_dumpable may be affected by upgrading.
security:
  - |
    Explicitly disable core dump for setuid programs by setting
    fs.suid_dumpable = 0, this will descrease the risk of unauthorized access
    of core dump file generated by setuid program.