Re: [PATCH] coredump - as root not only if euid switched

[Andrew Morton]

Peter Wächtler <pwaechtler@xxxxxxx> wrote:
>
> While it's more secure to not dump core at all if the program has
>  switched euid, it's also very unpractical. Since only programs 
>  started from root, being setuid root or have CAP_SETUID it's far 
>  more practical to dump as root.root mode 600. This is the bahavior 
>  of Solaris.
> 
>  The current implementation does not ensure that an existing core
>  file is only readable as root, i.e. after dumping the ownership 
>  and mode is unchanged.
> 
>  Besides mm->dumpable to avoid recursive core dumps, on setuid files 
>  the dumpable flag still prevents a core dump while seteuid & co will
>  result in a core only readable as root.

It's a bit sad to add another function call level to sys_unlink() simply
because the core dumping code needs it.

Is it not possible to call sys_unlink() directly from there?  Something like

long kernel_unlink(const char *name)
{
	mm_segment_t old_fs = get_fs();
	long ret;

	set_fs(KERNEL_DS);
	ret = sys_unlink(name);
	set_fs(old_fs);
	return ret;
}	
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/