Slowing the flow of core-dump-related CVEs
a year ago
- The 6.16 kernel introduces changes to core dump handling to reduce vulnerabilities.
- Core dumps have been a source of security issues due to race conditions and privileged helper processes.
- New API improvements include using pidfds to uniquely identify crashed processes and avoid PID reuse attacks.
- A new core_pattern syntax allows writing core dumps directly to a socket, improving efficiency and security.
- Systemd-coredump and similar tools can now handle core dumps with fewer privileges and reduced attack surface.
- The changes aim to minimize the number of CVEs related to core dump handling in the future.
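
An added example, not code from the article or the kernel project: a small audit of a `kernel.core_pattern` value that tells the file, pipe-helper and socket modes apart and flags a pipe helper that is handed only a numeric PID, the PID-reuse exposure described above. It assumes the `|` pipe prefix, an `@` prefix for the socket syntax and a `%F` pidfd specifier, as in the kernel's sysctl documentation; the sample patterns and paths are constructed.

```python
import re

# Constructed sample values for kernel.core_pattern; the helper and socket
# paths are hypothetical.
SAMPLES = [
    "core.%e.%p",
    "|/usr/local/sbin/example-core-helper %p %u %s",
    "|/usr/local/sbin/example-core-helper %F %u %s",
    "@/run/example-coredump.socket",
    "@example-coredump.socket",
]


def audit_core_pattern(pattern):
    """Classify a core_pattern value and flag PID-reuse exposure."""
    pattern = pattern.strip()
    # Drop literal "%%" first so "%%p" is not read as the %p specifier.
    specs = set(re.findall(r"%(.)", pattern.replace("%%", "")))
    findings = []
    if pattern.startswith("|"):
        mode = "pipe"  # kernel spawns the helper as root for every crash
        pidfd = "F" in specs  # assumed: %F hands the helper a pidfd
        if not pidfd and specs & {"p", "P", "i", "I"}:
            findings.append("helper gets only a numeric PID/TID, which can "
                            "be reused before the helper inspects /proc")
        elif not pidfd:
            findings.append("helper gets no handle on the crashed process")
    elif pattern.startswith("@"):
        mode = "socket"  # assumed: '@' followed by an AF_UNIX socket path
        # The receiver can ask the connected socket for the peer's pidfd
        # (SO_PEERPIDFD), so no PID has to be passed by value.
        pidfd = True
        # Audit choice in this example: insist on an absolute socket path.
        if not pattern.lstrip("@").startswith("/"):
            findings.append("socket path is not absolute")
    else:
        mode = "file"  # kernel writes the dump itself; no helper involved
        pidfd = False
    return {"mode": mode, "pidfd": pidfd, "findings": findings}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_core_pattern(sample))
```

On a live system the value to audit comes from `/proc/sys/kernel/core_pattern`.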