From: Rob Landley <rob@landley.net>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Alan Cox <alan@linux.intel.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Doug Ledford <dledford@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Marcel Holtmann <marcel@holtmann.org>,
Serge Hallyn <serge.hallyn@canonical.com>,
Joe Korty <joe.korty@ccur.com>,
David Howells <dhowells@redhat.com>,
James Morris <james.l.morris@oracle.com>,
linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3
Date: Sat, 23 Jun 2012 17:34:21 -0500 [thread overview]
Message-ID: <4FE6446D.20101@landley.net> (raw)
In-Reply-To: <20120622192413.GA5774@www.outflux.net>
On 06/22/2012 02:24 PM, Kees Cook wrote:
> When the suid_dumpable sysctl is set to "2", and there is no core
> dump pipe defined in the core_pattern sysctl, a local user can cause
> core files to be written to root-writable directories, potentially with
> user-controlled content. This means an admin can unknowningly reintroduce
> a variation of CVE-2006-2451.
...
> --- a/Documentation/sysctl/fs.txt
> +++ b/Documentation/sysctl/fs.txt
> @@ -167,12 +167,12 @@ or otherwise protected/tainted binaries. The modes are
> 1 - (debug) - all processes dump core when possible. The core dump is
> owned by the current user and no security is applied. This is
> intended for system debugging situations only. Ptrace is unchecked.
> -2 - (suidsafe) - any binary which normally would not be dumped is dumped
> - readable by root only. This allows the end user to remove
> - such a dump but not access it directly. For security reasons
> - core dumps in this mode will not overwrite one another or
> - other files. This mode is appropriate when administrators are
> - attempting to debug problems in a normal environment.
> +2 - (suidsafe) - no longer allowed (returns -EINVAL).
Random comment: a reference to the CVE might be good here.
Rob
--
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation. Pick one.
prev parent reply other threads:[~2012-06-23 22:34 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-22 19:24 [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3 Kees Cook
2012-06-22 19:55 ` Andrew Morton
2012-06-22 21:09 ` Kees Cook
2012-06-22 21:34 ` Andrew Morton
2012-06-22 21:51 ` Kees Cook
2012-06-22 21:51 ` Kees Cook
2012-06-22 21:57 ` Andrew Morton
2012-06-22 22:07 ` Kees Cook
2012-06-22 22:20 ` Andrew Morton
2012-06-22 22:26 ` Kees Cook
2012-06-23 7:30 ` James Morris
2012-06-23 22:34 ` Rob Landley [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FE6446D.20101@landley.net \
--to=rob@landley.net \
--cc=akpm@linux-foundation.org \
--cc=alan@linux.intel.com \
--cc=dhowells@redhat.com \
--cc=dledford@redhat.com \
--cc=ebiederm@xmission.com \
--cc=james.l.morris@oracle.com \
--cc=joe.korty@ccur.com \
--cc=keescook@chromium.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=serge.hallyn@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.