author: Etienne Cordonnier <ecordonnier@snap.com> 2024-09-06 10:36:28 +0200
committer: Lennart Poettering <lennart@poettering.net> 2024-09-06 13:30:36 +0200
commit: 4ac1755be2d6c141fae7e57c42936e507c5b54e3
tree: 24af4166c5510dd58dbe7b5f22e2f5afe0c6280d /test/test-compare-versions.sh
parent: Merge pull request #34279 from yuwata/ask-password
coredump: set ProtectHome to read-only
In https://github.com/systemd/systemd/pull/5283/commits/924453c22599cc246746a0233b2f52a27ade0819 ProtectHome was set to true for systemd-coredump in order to reduce risk, since an attacker could craft a malicious binary in order to compromise systemd-coredump. At that point the object analysis was done in the main systemd-coredump process. Because of this, systemd-coredump is unable to produce symbolicated call-stacks for binaries running under /home ("n/a" is shown instead of function names). However, later in https://github.com/systemd/systemd/commit/61aea456c12c54f49c4a76259af130e576130ce9 systemd-coredump was changed to do the object analysis in a forked process, covering those security concerns. Let's set ProtectHome to read-only so that systemd-coredump produces symbolicated call-stacks for processes running under /home.