summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/coredump.c2
-rw-r--r--fs/exec.c10
-rw-r--r--fs/proc/internal.h3
-rw-r--r--include/linux/sched.h5
-rw-r--r--kernel/sysctl.c2
5 files changed, 9 insertions, 13 deletions
diff --git a/fs/coredump.c b/fs/coredump.c
index 69baf903d3bd..c6479658d487 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -501,7 +501,7 @@ void do_coredump(siginfo_t *siginfo)
501 * so we dump it as root in mode 2, and only into a controlled 501 * so we dump it as root in mode 2, and only into a controlled
502 * environment (pipe handler or fully qualified path). 502 * environment (pipe handler or fully qualified path).
503 */ 503 */
504 if (__get_dumpable(cprm.mm_flags) == SUID_DUMPABLE_SAFE) { 504 if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) {
505 /* Setuid core dump mode */ 505 /* Setuid core dump mode */
506 flag = O_EXCL; /* Stop rewrite attacks */ 506 flag = O_EXCL; /* Stop rewrite attacks */
507 cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ 507 cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */
diff --git a/fs/exec.c b/fs/exec.c
index 864c50df660a..a96a4885bbbf 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1111,7 +1111,7 @@ void setup_new_exec(struct linux_binprm * bprm)
1111 current->sas_ss_sp = current->sas_ss_size = 0; 1111 current->sas_ss_sp = current->sas_ss_size = 0;
1112 1112
1113 if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid())) 1113 if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid()))
1114 set_dumpable(current->mm, SUID_DUMPABLE_ENABLED); 1114 set_dumpable(current->mm, SUID_DUMP_USER);
1115 else 1115 else
1116 set_dumpable(current->mm, suid_dumpable); 1116 set_dumpable(current->mm, suid_dumpable);
1117 1117
@@ -1639,17 +1639,17 @@ EXPORT_SYMBOL(set_binfmt);
1639void set_dumpable(struct mm_struct *mm, int value) 1639void set_dumpable(struct mm_struct *mm, int value)
1640{ 1640{
1641 switch (value) { 1641 switch (value) {
1642 case SUID_DUMPABLE_DISABLED: 1642 case SUID_DUMP_DISABLE:
1643 clear_bit(MMF_DUMPABLE, &mm->flags); 1643 clear_bit(MMF_DUMPABLE, &mm->flags);
1644 smp_wmb(); 1644 smp_wmb();
1645 clear_bit(MMF_DUMP_SECURELY, &mm->flags); 1645 clear_bit(MMF_DUMP_SECURELY, &mm->flags);
1646 break; 1646 break;
1647 case SUID_DUMPABLE_ENABLED: 1647 case SUID_DUMP_USER:
1648 set_bit(MMF_DUMPABLE, &mm->flags); 1648 set_bit(MMF_DUMPABLE, &mm->flags);
1649 smp_wmb(); 1649 smp_wmb();
1650 clear_bit(MMF_DUMP_SECURELY, &mm->flags); 1650 clear_bit(MMF_DUMP_SECURELY, &mm->flags);
1651 break; 1651 break;
1652 case SUID_DUMPABLE_SAFE: 1652 case SUID_DUMP_ROOT:
1653 set_bit(MMF_DUMP_SECURELY, &mm->flags); 1653 set_bit(MMF_DUMP_SECURELY, &mm->flags);
1654 smp_wmb(); 1654 smp_wmb();
1655 set_bit(MMF_DUMPABLE, &mm->flags); 1655 set_bit(MMF_DUMPABLE, &mm->flags);
@@ -1662,7 +1662,7 @@ int __get_dumpable(unsigned long mm_flags)
1662 int ret; 1662 int ret;
1663 1663
1664 ret = mm_flags & MMF_DUMPABLE_MASK; 1664 ret = mm_flags & MMF_DUMPABLE_MASK;
1665 return (ret > SUID_DUMPABLE_ENABLED) ? SUID_DUMPABLE_SAFE : ret; 1665 return (ret > SUID_DUMP_USER) ? SUID_DUMP_ROOT : ret;
1666} 1666}
1667 1667
1668int get_dumpable(struct mm_struct *mm) 1668int get_dumpable(struct mm_struct *mm)
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 252544c05207..85ff3a4598b3 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -11,6 +11,7 @@
11 11
12#include <linux/sched.h> 12#include <linux/sched.h>
13#include <linux/proc_fs.h> 13#include <linux/proc_fs.h>
14#include <linux/binfmts.h>
14struct ctl_table_header; 15struct ctl_table_header;
15struct mempolicy; 16struct mempolicy;
16 17
@@ -108,7 +109,7 @@ static inline int task_dumpable(struct task_struct *task)
108 if (mm) 109 if (mm)
109 dumpable = get_dumpable(mm); 110 dumpable = get_dumpable(mm);
110 task_unlock(task); 111 task_unlock(task);
111 if (dumpable == SUID_DUMPABLE_ENABLED) 112 if (dumpable == SUID_DUMP_USER)
112 return 1; 113 return 1;
113 return 0; 114 return 0;
114} 115}
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 6853bf947fde..d35d2b6ddbfb 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -346,11 +346,6 @@ static inline void arch_pick_mmap_layout(struct mm_struct *mm) {}
346extern void set_dumpable(struct mm_struct *mm, int value); 346extern void set_dumpable(struct mm_struct *mm, int value);
347extern int get_dumpable(struct mm_struct *mm); 347extern int get_dumpable(struct mm_struct *mm);
348 348
349/* get/set_dumpable() values */
350#define SUID_DUMPABLE_DISABLED 0
351#define SUID_DUMPABLE_ENABLED 1
352#define SUID_DUMPABLE_SAFE 2
353
354/* mm flags */ 349/* mm flags */
355/* dumpable bits */ 350/* dumpable bits */
356#define MMF_DUMPABLE 0 /* core dump is permitted */ 351#define MMF_DUMPABLE 0 /* core dump is permitted */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index d8df00e69c14..d1b4ee67d2df 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2095,7 +2095,7 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
2095static void validate_coredump_safety(void) 2095static void validate_coredump_safety(void)
2096{ 2096{
2097#ifdef CONFIG_COREDUMP 2097#ifdef CONFIG_COREDUMP
2098 if (suid_dumpable == SUID_DUMPABLE_SAFE && 2098 if (suid_dumpable == SUID_DUMP_ROOT &&
2099 core_pattern[0] != '/' && core_pattern[0] != '|') { 2099 core_pattern[0] != '/' && core_pattern[0] != '|') {
2100 printk(KERN_WARNING "Unsafe core_pattern used with "\ 2100 printk(KERN_WARNING "Unsafe core_pattern used with "\
2101 "suid_dumpable=2. Pipe handler or fully qualified "\ 2101 "suid_dumpable=2. Pipe handler or fully qualified "\
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-16 20:18:23 -0400