From: ebiederm@xmission.com (Eric W. Biederman)
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Rob Landley <rob@landley.net>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Alan Cox <alan@linux.intel.com>,
Marcel Holtmann <marcel@holtmann.org>,
Doug Ledford <dledford@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Serge Hallyn <serge.hallyn@canonical.com>,
Joe Korty <joe.korty@ccur.com>,
David Howells <dhowells@redhat.com>,
James Morris <james.l.morris@oracle.com>,
linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2] fs: introduce pipe-only dump mode suid_dumpable=3
Date: Fri, 22 Jun 2012 07:21:21 -0700
Message-ID: <87ipejo2am.fsf@xmission.com>
In-Reply-To: <20120622000049.GA7877@www.outflux.net> (Kees Cook's message of "Thu, 21 Jun 2012 17:00:49 -0700")
Kees Cook <keescook@chromium.org> writes:
> This patch introduces suid_dumpable=3 to allow privilege-changed processes
> to be dumped only to a pipe handler (and not directly to disk). The value
> of suid_dumpable=2 is now deprecated, and attempting to set this sysctl
> value returns -EINVAL.
Your patch description is wrong. Deprecate means something is encouraged
not to be used, not that the functionality is removed. I think what
you are trying to say is that the value suid_dumpable=2 is now historic.

Your implementation is absolutely gross. Reading the value
twice from user space?? Is an if statement that hard to code?
Eric
> +/* Allow only the integers 0, 1, and 3. */
> +static int proc_dointvec_suid_dumpable(struct ctl_table *table, int write,
> + void __user *buffer, size_t *lenp, loff_t *ppos)
> +{
> + int rc, min, max;
> + struct do_proc_dointvec_minmax_conv_param param = {
> + .min = &min,
> + .max = &max,
> + };
> +
> + min = 0;
> + max = 1;
> + rc = do_proc_dointvec(table, write, buffer, lenp, ppos,
> + do_proc_dointvec_minmax_conv, ¶m);
> + if (rc != -EINVAL)
> + return rc;
> +
> + min = 3;
> + max = 3;
> + rc = do_proc_dointvec(table, write, buffer, lenp, ppos,
> + do_proc_dointvec_minmax_conv, ¶m);
> + return rc;
> +}
> +
> static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write,
> void __user *buffer,
> size_t *lenp, loff_t *ppos,
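Review bot: the retry in proc_dointvec_suid_dumpable (first `min = 0; max = 1;`, then on -EINVAL `min = 3; max = 3;` and a second do_proc_dointvec over the same buffer) makes correctness depend on do_proc_dointvec leaving *lenp, *ppos and the user buffer untouched when the min/max conversion rejects the value; that is internal behaviour of __do_proc_dointvec, not part of its interface, so a later change there would silently break the second pass (for example by advancing *ppos past the text already parsed, so the retry sees an empty buffer and returns -EINVAL for a perfectly valid "3"). It also parses the user text twice for every write that is not 0 or 1, and negative or garbage input is rejected only by the second call after the first has already done all the work. A single do_proc_dointvec call with a dedicated conv callback is simpler and has no such dependency: on write, return -EINVAL when `*negp || (*lvalp != 0 && *lvalp != 1 && *lvalp != 3)` and otherwise store `*valp = *lvalp`; on read, set `*negp = false; *lvalp = *valp`. The struct do_proc_dointvec_minmax_conv_param and the two min/max variables then go away. The comment "Allow only the integers 0, 1, and 3." should also say why 2 is rejected (the sysctl documentation change in this patch is where a reader will look). Separately, the `¶m` in both calls is the mail archive rendering `&param` as an HTML entity, not the patch text; the patch itself reads `&param`.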
Thread overview: 4+ messages
2012-06-22 0:00 [PATCH v2] fs: introduce pipe-only dump mode suid_dumpable=3 Kees Cook
2012-06-22 11:56 ` Alan Cox
2012-06-22 14:21 ` Eric W. Biederman [this message]
2012-06-22 15:30 ` Kees Cook