tripleo-heat-templates/releasenotes/notes/disable-core-dump-for-setui...

---
upgrade:
  - |
    The fs.suid_dumpable kernel parameter is now explicitly set to 0 to prevent
    exposing sensitive data through core dumps of processes with elevated
    permissions. Deployments that set or depend on non-zero values for
    fs.suid_dumpable may be affected by upgrading.
security:
  - |
    Explicitly disable core dumps for setuid programs by setting
    fs.suid_dumpable = 0. This will decrease the risk of unauthorized access
    to core dump files generated by setuid programs.