kernel-ark/kernel
Alan Cox d6e7114481 [PATCH] setuid core dump
Add a new `suid_dumpable' sysctl:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour.  Any process which has changed
    privilege levels or is execute only will not be dumped

1 - (debug) - all processes dump core when possible.  The core dump is
    owned by the current user and no security is applied.  This is intended
    for system debugging situations only.  Ptrace is unchecked.

2 - (suidsafe) - any binary which normally would not be dumped is dumped
    readable by root only.  This allows the end user to remove such a dump but
    not access it directly.  For security reasons core dumps in this mode will
    not overwrite one another or other files.  This mode is appropriate when
    adminstrators are attempting to debug problems in a normal environment.

(akpm:

> > +EXPORT_SYMBOL(suid_dumpable);
>
> EXPORT_SYMBOL_GPL?

No problem to me.

> >  	if (current->euid == current->uid && current->egid == current->gid)
> >  		current->mm->dumpable = 1;
>
> Should this be SUID_DUMP_USER?

Actually the feedback I had from last time was that the SUID_ defines
should go because its clearer to follow the numbers. They can go
everywhere (and there are lots of places where dumpable is tested/used
as a bool in untouched code)

> Maybe this should be renamed to `dump_policy' or something.  Doing that
> would help us catch any code which isn't using the #defines, too.

Fair comment. The patch was designed to be easy to maintain for Red Hat
rather than for merging. Changing that field would create a gigantic
diff because it is used all over the place.

)

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 09:45:26 -07:00
..
irq [PATCH] uml: make hw_controller_type->release exist only for archs needing it 2005-06-21 19:07:32 -07:00
power [PATCH] smp_processor_id() cleanup 2005-06-21 18:46:13 -07:00
acct.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
audit.c AUDIT: Unify auid reporting, put arch before syscall number 2005-05-23 21:35:28 +01:00
auditsc.c AUDIT: Record working directory when syscall arguments are pathnames 2005-05-27 12:17:28 +01:00
capability.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
compat.c [PATCH] Fix get_compat_sigevent() 2005-04-16 15:24:01 -07:00
configs.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cpu.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cpuset.c [PATCH] remove duplicate get_dentry functions in various places 2005-06-23 09:45:20 -07:00
dma.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
exec_domain.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
exit.c [PATCH] avoid resursive oopses 2005-06-23 09:45:20 -07:00
extable.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fork.c [PATCH] dup_mmap: update comment on new vma 2005-06-21 18:46:19 -07:00
futex.c [PATCH] convert that currently tests _NSIG directly to use valid_signal() 2005-05-01 08:59:14 -07:00
intermodule.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
itimer.c [PATCH] setitimer timer expires too early 2005-05-05 16:36:41 -07:00
kallsyms.c [PATCH] ppc32: platform-specific functions missing from kallsyms. 2005-05-05 16:36:31 -07:00
Kconfig.hz [PATCH] i386: Selectable Frequency of the Timer Interrupt 2005-06-23 09:45:10 -07:00
kfifo.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
kmod.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
kprobes.c [PATCH] jprobes: allow a jprobe to coexist with muliple kprobes 2005-06-23 09:45:25 -07:00
ksysfs.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
kthread.c [PATCH] use smp_mb/wmb/rmb where possible 2005-05-01 08:58:47 -07:00
Makefile [PATCH] ppc64: remove hidden -fno-omit-frame-pointer for schedule.c 2005-05-05 16:36:32 -07:00
module.c [PATCH] smp_processor_id() cleanup 2005-06-21 18:46:13 -07:00
panic.c [SPARC]: Stop-A printk cleanup 2005-04-24 20:38:02 -07:00
params.c [PATCH] sysfs: (rest) if show/store is missing return -EIO 2005-06-20 15:15:03 -07:00
pid.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
posix-cpu-timers.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
posix-timers.c [PATCH] posix-timers: use try_to_del_timer_sync() 2005-06-23 09:45:17 -07:00
printk.c [PATCH] CON_CONSDEV bit not set correctly on last console 2005-06-23 09:45:18 -07:00
profile.c [PATCH] profile.c: `schedule' parsing fix 2005-05-17 07:59:21 -07:00
ptrace.c [PATCH] convert that currently tests _NSIG directly to use valid_signal() 2005-05-01 08:59:14 -07:00
rcupdate.c [PATCH] Deprecate synchronize_kernel, GPL replacement 2005-05-01 08:59:04 -07:00
resource.c [PATCH] pci enumeration on ixp2000: overflow in kernel/resource.c 2005-04-16 15:25:58 -07:00
sched.c [PATCH] preempt_count is int - remove cast and don't assign to unsigned type 2005-06-23 09:45:19 -07:00
seccomp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
signal.c Merge with master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-06-02 16:39:11 +01:00
softirq.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
spinlock.c [PATCH] spin_unlock_bh() and preempt_check_resched() 2005-05-21 10:46:48 -07:00
stop_machine.c [PATCH] smp_processor_id() cleanup 2005-06-21 18:46:13 -07:00
sys_ni.c [PATCH] VM: early zone reclaim 2005-06-21 18:46:14 -07:00
sys.c [PATCH] setuid core dump 2005-06-23 09:45:26 -07:00
sysctl.c [PATCH] setuid core dump 2005-06-23 09:45:26 -07:00
time.c [PATCH] time interpolator: Fix settimeofday inaccuracy 2005-04-28 08:13:58 -07:00
timer.c [PATCH] preempt_count is int - remove cast and don't assign to unsigned type 2005-06-23 09:45:19 -07:00
uid16.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
user.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
wait.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
workqueue.c [PATCH] re-export cancel_rearming_delayed_workqueue 2005-04-16 15:23:59 -07:00