mirror of
https://github.com/adulau/aha.git
synced 2024-12-27 19:26:25 +00:00
core dump: remain dumpable
The coredump code always calls set_dumpable(0) when it starts (even if RLIMIT_CORE prevents any core from being dumped). The effect of this (via task_dumpable) is to make /proc/pid/* files owned by root instead of the user, so the user can no longer examine his own process--in a case where there was never any privileged data to protect. This affects e.g. auxv, environ, fd; in Fedora (execshield) kernels, also maps. In practice, you can only notice this when a debugger has requested PTRACE_EVENT_EXIT tracing. set_dumpable was only used in do_coredump for synchronization and not intended for any security purpose. (It doesn't secure anything that wasn't already unsecured when a process dies by SIGTERM instead of SIGQUIT.) This changes do_coredump to check the core_waiters count as the means of synchronization, which is sufficient. Now we leave the "dumpable" bits alone. Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
6e800af233
commit
00ec99da43
1 changed files with 4 additions and 2 deletions
|
@ -1692,7 +1692,10 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
|
|||
if (!binfmt || !binfmt->core_dump)
|
||||
goto fail;
|
||||
down_write(&mm->mmap_sem);
|
||||
if (!get_dumpable(mm)) {
|
||||
/*
|
||||
* If another thread got here first, or we are not dumpable, bail out.
|
||||
*/
|
||||
if (mm->core_waiters || !get_dumpable(mm)) {
|
||||
up_write(&mm->mmap_sem);
|
||||
goto fail;
|
||||
}
|
||||
|
@ -1706,7 +1709,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
|
|||
flag = O_EXCL; /* Stop rewrite attacks */
|
||||
current->fsuid = 0; /* Dump root private */
|
||||
}
|
||||
set_dumpable(mm, 0);
|
||||
|
||||
retval = coredump_wait(exit_code);
|
||||
if (retval < 0)
|
||||
|
|
Loading…
Reference in a new issue