Re: [PATCH] coredump - as root not only if euid switched

[Peter Waechtler]

On Thursday, April 22, 2004, at 10:05PM, Linus Torvalds <torvalds@xxxxxxxx> wrote:

>
>
>On Thu, 22 Apr 2004, Peter W�chtler wrote:
>>
>> > hm, OK.  There's a window in which someone can come in and recreate the
>> > file, but the open is using O_EXCL|O_CREATE so that seems safe enough.
>> 
>> So here is the updated patch with an open coded call to sys_unlink
>
>Aughr. 
>
>Wouldn't it be much nicer to just refuse to overwrite files owned by 
>anybody else?
>
>In other words, I'd much rather see a patch that is a much simpler one, 
>which just says: if we opened an existing file, we won't touch it if we 
>weren't the owners of it.
>
>That should be safe for root _and_ it should be safe for people who 
>already had a file descriptor open previously (hey, if the previous 
>root-owned core-file was world readable, then what else is new?)
>

the previous core was owned by user.donttellyourwisdom
The root process happily dumps it's core into it, doesn't change 
ownership nor permissions.

>Tell me why this isn't simpler?
>
I can't it's simpler.
If you are interested in the core (you don't because you don't make 
errors, you don't even use debuggers but change the VM ;> )
you get it, otherwise you have an old one.

>
>---
>--- 1.111/fs/exec.c	Wed Apr 21 02:11:57 2004
>+++ edited/fs/exec.c	Thu Apr 22 13:03:27 2004
>@@ -1378,6 +1378,8 @@
> 	inode = file->f_dentry->d_inode;
> 	if (inode->i_nlink > 1)
> 		goto close_fail;	/* multiple links - don't dump */
>+	if (inode->i_uid != current->euid || inode->i_gid != current->egid)
>+		goto close_fail;
> 	if (d_unhashed(file->f_dentry))
> 		goto close_fail;
> 
>
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/