24 Jun 2012 00:34
Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3
Rob Landley <rob <at> landley.net>
2012-06-23 22:34:21 GMT
2012-06-23 22:34:21 GMT
On 06/22/2012 02:24 PM, Kees Cook wrote: > When the suid_dumpable sysctl is set to "2", and there is no core > dump pipe defined in the core_pattern sysctl, a local user can cause > core files to be written to root-writable directories, potentially with > user-controlled content. This means an admin can unknowningly reintroduce > a variation of CVE-2006-2451. ... > --- a/Documentation/sysctl/fs.txt > +++ b/Documentation/sysctl/fs.txt > <at> <at> -167,12 +167,12 <at> <at> or otherwise protected/tainted binaries. The modes are > 1 - (debug) - all processes dump core when possible. The core dump is > owned by the current user and no security is applied. This is > intended for system debugging situations only. Ptrace is unchecked. > -2 - (suidsafe) - any binary which normally would not be dumped is dumped > - readable by root only. This allows the end user to remove > - such a dump but not access it directly. For security reasons > - core dumps in this mode will not overwrite one another or > - other files. This mode is appropriate when administrators are > - attempting to debug problems in a normal environment. > +2 - (suidsafe) - no longer allowed (returns -EINVAL). Random comment: a reference to the CVE might be good here. Rob -- -- GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code. Either it's "mere aggregation", or a license violation. Pick one.
RSS Feed