From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Morton Subject: Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3 Date: Fri, 22 Jun 2012 12:55:51 -0700 Message-ID: <20120622125551.269552c2.akpm@linux-foundation.org> References: <20120622192413.GA5774@www.outflux.net> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: linux-kernel@vger.kernel.org, Alan Cox , "Eric W. Biederman" , Alexander Viro , Rob Landley , Ingo Molnar , Peter Zijlstra , Doug Ledford , Marcel Holtmann , Serge Hallyn , Joe Korty , David Howells , James Morris , linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org To: Kees Cook Return-path: In-Reply-To: <20120622192413.GA5774@www.outflux.net> Sender: linux-doc-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Fri, 22 Jun 2012 12:24:13 -0700 Kees Cook wrote: > The value > of suid_dumpable=2 is now historic, and attempting to set this sysctl > value returns -EINVAL. This sounds a bit harsh - will it not cause existing configurations to immediately break? If so, would it not be better to retain the =2 mode for a while, and emit a nice warning when it is set? > > ... > > +/* Allow only the valid suid_dumpable values. */ > +static int do_proc_dointvec_suid_dumpable_conv(bool *negp, > + unsigned long *lvalp, int *valp, int write, void *data) > +{ > + if (write) { > + int val = *negp ? -*lvalp : *lvalp; > + if (val != SUID_DUMPABLE_DISABLED && > + val != SUID_DUMPABLE_ENABLED && > + val != SUID_DUMPABLE_PIPE_ONLY) > + return -EINVAL; > + *valp = val; > + } else { > + int val = *valp; > + if (val < 0) { > + *negp = true; > + *lvalp = (unsigned long)-val; > + } else { > + *negp = false; > + *lvalp = (unsigned long)val; Those two typecasts are unneeded. > + } > + } > + return 0; > +} > +