13 lines
504 B
YAML
13 lines
504 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The fs.suid_dumpable kernel parameter is now explicitly set to 0 to prevent
|
|
exposing sensitive data through core dumps of processes with elevated
|
|
permissions. Deployments that set or depend on non-zero values for
|
|
fs.suid_dumpable may be affected by upgrading.
|
|
security:
|
|
- |
|
|
Explicitly disable core dump for setuid programs by setting
|
|
fs.suid_dumpable = 0, this will descrease the risk of unauthorized access
|
|
of core dump file generated by setuid program.
|