Re: [PATCH] coredump - as root not only if euid switched

[Peter Waechtler]

On Thursday, April 22, 2004, at 09:53PM, Chris Wright <chrisw@xxxxxxxx> wrote:

>* Peter W�chtler (pwaechtler@xxxxxxx) wrote:
>> Am Do, 2004-04-22 um 11.56 schrieb Andrew Morton:
>> > Peter Waechtler <pwaechtler@xxxxxxx> wrote:
>> > >
>> > >  >(why are you trying to unlink the old file anyway?)
>> > >  >
>> > > 
>> > >  For security measure :O
>> > >  I tried on solaris: touch the core file as user, open it and wait, dump core
>> > >  as root -> nope, couldn't read the damn core - it was unlinked and created!
>> > 
>> > hm, OK.  There's a window in which someone can come in and recreate the
>> > file, but the open is using O_EXCL|O_CREATE so that seems safe enough.
>> 
>> So here is the updated patch with an open coded call to sys_unlink
>
>This patch breaks various ptrace() checks.
>
>thanks,

please
Care to share your wisdom? No? Then please don't reply

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/