[axxs-sysadmin] core dump vuln
finn
finn at animal-liberation.org.nz
Fri Jul 14 03:17:45 PDT 2006
Hi,
Just wondering if any action has been taken with the PRCTL core dump
vuln: http://www.securityfocus.com/bid/18874/info
Judging by our 146 days uptime, we haven't had a kernel update for a
while ;-)
I have made a couple of changes:
echo /dev/null > /proc/sys/kernel/core_pattern
(was: core)
echo 0 > /proc/sys/kernel/core_uses_pid
(was: 1)
This should force all core dumps into /dev/null, instead of the current
directory. Otherwise a user could drop something bad into /etc/cron.* etc.
Is there an updated kernel out for fedora yet?
seeya's
finn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.indymedia.org/pipermail/axxs-sysadmin/attachments/20060714/3de886ae/attachment.pgp
More information about the axxs-sysadmin
mailing list