[ubuntu-hardened] fs: suid_dumpable=2 and a security issue (gain root privileges).
Kees Cook
kees at ubuntu.com
Sat Jan 16 18:52:39 UTC 2016
On Fri, Jan 15, 2016 at 08:54:24PM +0100, daniel curtis wrote:
> So, if mode '2' was fixed that is safe as-is now, it can be used instead of
> mode '1', right? One more question: what's your opinion on
> 'fs.suid_dumpable'? It is better to set it to '0' or, according to above
> information about fixed mode '2', it rather should be set to mode '2'?
>
> Thank You for an answer. Best regards.
I tend to leave as much as-is as possible on a distribution since it makes
upgrades much easier. Since Ubuntu's crash handler expects to be using "2",
I'd just leave it at "2".
-Kees
--
Kees Cook
More information about the ubuntu-hardened
mailing list