[systemd-devel] [PATCH] [RFCv7] Optionally save core dumps as plain files
Mantas Mikulėnas
grawity at gmail.com
Wed May 22 05:01:14 PDT 2013
On Wed, May 22, 2013 at 9:22 AM, Tollef Fog Heen <tfheen at err.no> wrote:
> ]] Oleksii Shevchuk
>
>> > > For security reasons. It will be better if user will not have access to
>> > > own cores by default (situation is the same with journal backend in
>> > > upstream now).
>>
>> > Why?
>>
>> When apps like gpg/lastpass/whatelse-with-passwords crashes, then user probably
>> will not be very happy to have all that data accessible as is.
>
> They should either be sgid some group and then setgid to the user's
> group or just use prctl(PR_SET_DUMPABLE, 0).
`gpg` already disables core dumps by setting RLIMIT_CORE to zero.
--
Mantas Mikulėnas <grawity at gmail.com>
More information about the systemd-devel
mailing list