Commit 1bd50c90 authored by Joe Orton's avatar Joe Orton
Browse files

Add security note on CoreDumpDirectory for Linux. 

Reviewed by: icing, elukey


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1857626 13f79535-47bb-0310-9956-ffa450edef68
parent bf7ade03

docs/manual/mod/mpm_common.xml

+11 −0
Original line number Diff line number Diff line
@@ -50,6 +50,17 @@ switch before dumping core</description> 
    operating system is not configured to write core files to the working directory

    of the crashing processes.</p>



    <note type="warning">

      <title>Security note for Linux systems</title>



      <p>Using this directive on Linux may allow other processes on

      the system (if running with similar privileges, such as CGI

      scripts) to attach to httpd children via the <code>ptrace</code>

      system call.  This may make weaken the protection from certain

      security attacks.  It is not recommended to use this directive

      on production systems.</p>

    </note>

    

    <note><title>Core Dumps on Linux</title>

      <p>If Apache httpd starts as root and switches to another user, the

      Linux kernel <em>disables</em> core dumps even if the directory is