Re: [PATCH] coredump - as root not only if euid switched

From: Chris Wright
Date: Thu Apr 22 2004 - 15:04:34 EST

Next message: Giridhar Pemmasani: "Re: patch to make suspend/resume work"
Previous message: Pavel Machek: "Re: patch to make suspend/resume work"
In reply to: Peter Wächtler: "Re: [PATCH] coredump - as root not only if euid switched"
Next in thread: Linus Torvalds: "Re: [PATCH] coredump - as root not only if euid switched"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Peter Wächtler (pwaechtler@xxxxxxx) wrote:
> Am Do, 2004-04-22 um 11.56 schrieb Andrew Morton:
> > Peter Waechtler <pwaechtler@xxxxxxx> wrote:
> > >
> > > >(why are you trying to unlink the old file anyway?)
> > > >
> > >
> > > For security measure :O
> > > I tried on solaris: touch the core file as user, open it and wait, dump core
> > > as root -> nope, couldn't read the damn core - it was unlinked and created!
> >
> > hm, OK. There's a window in which someone can come in and recreate the
> > file, but the open is using O_EXCL|O_CREATE so that seems safe enough.
>
> So here is the updated patch with an open coded call to sys_unlink

This patch breaks various ptrace() checks.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Giridhar Pemmasani: "Re: patch to make suspend/resume work"
Previous message: Pavel Machek: "Re: patch to make suspend/resume work"
In reply to: Peter Wächtler: "Re: [PATCH] coredump - as root not only if euid switched"
Next in thread: Linus Torvalds: "Re: [PATCH] coredump - as root not only if euid switched"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]