Add security note on CoreDumpDirectory for Linux.

author Joe Orton <jorton@apache.org>

Tue, 16 Apr 2019 07:54:27 +0000 (07:54 +0000)

committer Joe Orton <jorton@apache.org>

Tue, 16 Apr 2019 07:54:27 +0000 (07:54 +0000)
author Joe Orton <jorton@apache.org>
Tue, 16 Apr 2019 07:54:27 +0000 (07:54 +0000)
committer Joe Orton <jorton@apache.org>
Tue, 16 Apr 2019 07:54:27 +0000 (07:54 +0000)
diff --git a/docs/manual/mod/mpm_common.xml b/docs/manual/mod/mpm_common.xml

index 682caf14b01c52efa4b9d37444b64f5f891d8573..6f755233f692fbe8319cf94ae6e0a36d9716eb17 100644 (file)
--- a/docs/manual/mod/mpm_common.xml
+++ b/docs/manual/mod/mpm_common.xml
@@ -50,6 +50,17 @@ switch before dumping core</description>
      operating system is not configured to write core files to the working directory
      of the crashing processes.</p>
  
+    <note type="warning">
+      <title>Security note for Linux systems</title>
+
+      <p>Using this directive on Linux may allow other processes on
+      the system (if running with similar privileges, such as CGI
+      scripts) to attach to httpd children via the <code>ptrace</code>
+      system call.  This may make weaken the protection from certain
+      security attacks.  It is not recommended to use this directive
+      on production systems.</p>
+    </note>
+    
      <note><title>Core Dumps on Linux</title>
        <p>If Apache httpd starts as root and switches to another user, the
        Linux kernel <em>disables</em> core dumps even if the directory is
author	Joe Orton <jorton@apache.org>
	Tue, 16 Apr 2019 07:54:27 +0000 (07:54 +0000)
committer	Joe Orton <jorton@apache.org>
	Tue, 16 Apr 2019 07:54:27 +0000 (07:54 +0000)