Add security note on CoreDumpDirectory for Linux.
Reviewed by: icing, elukey
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1857626 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/docs/manual/mod/mpm_common.xml b/docs/manual/mod/mpm_common.xml
index 682caf1..6f75523 100644
--- a/docs/manual/mod/mpm_common.xml
+++ b/docs/manual/mod/mpm_common.xml
@@ -50,6 +50,17 @@
operating system is not configured to write core files to the working directory
of the crashing processes.</p>
+ <note type="warning">
+ <title>Security note for Linux systems</title>
+
+ <p>Using this directive on Linux may allow other processes on
+ the system (if running with similar privileges, such as CGI
+ scripts) to attach to httpd children via the <code>ptrace</code>
+ system call. This may make weaken the protection from certain
+ security attacks. It is not recommended to use this directive
+ on production systems.</p>
+ </note>
+
<note><title>Core Dumps on Linux</title>
<p>If Apache httpd starts as root and switches to another user, the
Linux kernel <em>disables</em> core dumps even if the directory is
