From mboxrd@z Thu Jan  1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: [PATCH v2] fs: introduce pipe-only dump mode suid_dumpable=3
Date: Fri, 22 Jun 2012 07:21:21 -0700
Message-ID: <87ipejo2am.fsf@xmission.com>
References: <20120622000049.GA7877@www.outflux.net>
Mime-Version: 1.0
Content-Type: text/plain
Cc: linux-kernel@vger.kernel.org, Rob Landley <rob@landley.net>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Alan Cox <alan@linux.intel.com>,
	Marcel Holtmann <marcel@holtmann.org>,
	Doug Ledford <dledford@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Serge Hallyn <serge.hallyn@canonical.com>,
	Joe Korty <joe.korty@ccur.com>,
	David Howells <dhowells@redhat.com>,
	James Morris <james.l.morris@oracle.com>,
	linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org
To: Kees Cook <keescook@chromium.org>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from out01.mta.xmission.com ([166.70.13.231]:46154 "EHLO
	out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1762132Ab2FVOVh (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Fri, 22 Jun 2012 10:21:37 -0400
In-Reply-To: <20120622000049.GA7877@www.outflux.net> (Kees Cook's message of
	"Thu, 21 Jun 2012 17:00:49 -0700")
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

Kees Cook <keescook@chromium.org> writes:

> This patch introduces suid_dumpable=3 to allow privilege-changed processes
> to be dumped only to a pipe handler (and not directly to disk). The value
> of suid_dumpable=2 is now deprecated, and attempting to set this sysctl
> value returns -EINVAL.

Your patch descriptoin is wrong.  Deprecate means something is encouraged
not to be used not that the functionality is removed.  I think what
you are trying to say is that the value suid_dumpable=2 is now historic.

Your implementation is absolutely gross.  Reading the value from
twice from user space??    Is an if statement that hard to code?

Eric

> +/* Allow only the integers 0, 1, and 3. */
> +static int proc_dointvec_suid_dumpable(struct ctl_table *table, int write,
> +		void __user *buffer, size_t *lenp, loff_t *ppos)
> +{
> +	int rc, min, max;
> +	struct do_proc_dointvec_minmax_conv_param param = {
> +		.min = &min,
> +		.max = &max,
> +	};
> +
> +	min = 0;
> +	max = 1;
> +	rc = do_proc_dointvec(table, write, buffer, lenp, ppos,
> +			      do_proc_dointvec_minmax_conv, &param);
> +	if (rc != -EINVAL)
> +		return rc;
> +
> +	min = 3;
> +	max = 3;
> +	rc = do_proc_dointvec(table, write, buffer, lenp, ppos,
> +			      do_proc_dointvec_minmax_conv, &param);
> +	return rc;
> +}
> +
>  static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write,
>  				     void __user *buffer,
>  				     size_t *lenp, loff_t *ppos,