diff options
| author | Kees Cook <keescook@chromium.org> | 2012-07-30 17:39:18 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-07-30 20:25:11 -0400 |
| commit | 54b501992dd2a839e94e76aa392c392b55080ce8 (patch) | |
| tree | 6d174fb95516f01e385d31d5ef87a248d8740fd2 /fs/exec.c | |
| parent | 9520628e8ceb69fa9a4aee6b57f22675d9e1b709 (diff) | |
coredump: warn about unsafe suid_dumpable / core_pattern combo
When suid_dumpable=2, detect unsafe core_pattern settings and warn when
they are seen.
Signed-off-by: Kees Cook <keescook@chromium.org>
Suggested-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Alan Cox <alan@linux.intel.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Doug Ledford <dledford@redhat.com>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Cc: James Morris <james.l.morris@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 10 |
1 files changed, 5 insertions, 5 deletions
| @@ -2002,17 +2002,17 @@ static void coredump_finish(struct mm_struct *mm) | |||
| 2002 | void set_dumpable(struct mm_struct *mm, int value) | 2002 | void set_dumpable(struct mm_struct *mm, int value) |
| 2003 | { | 2003 | { |
| 2004 | switch (value) { | 2004 | switch (value) { |
| 2005 | case 0: | 2005 | case SUID_DUMPABLE_DISABLED: |
| 2006 | clear_bit(MMF_DUMPABLE, &mm->flags); | 2006 | clear_bit(MMF_DUMPABLE, &mm->flags); |
| 2007 | smp_wmb(); | 2007 | smp_wmb(); |
| 2008 | clear_bit(MMF_DUMP_SECURELY, &mm->flags); | 2008 | clear_bit(MMF_DUMP_SECURELY, &mm->flags); |
| 2009 | break; | 2009 | break; |
| 2010 | case 1: | 2010 | case SUID_DUMPABLE_ENABLED: |
| 2011 | set_bit(MMF_DUMPABLE, &mm->flags); | 2011 | set_bit(MMF_DUMPABLE, &mm->flags); |
| 2012 | smp_wmb(); | 2012 | smp_wmb(); |
| 2013 | clear_bit(MMF_DUMP_SECURELY, &mm->flags); | 2013 | clear_bit(MMF_DUMP_SECURELY, &mm->flags); |
| 2014 | break; | 2014 | break; |
| 2015 | case 2: | 2015 | case SUID_DUMPABLE_SAFE: |
| 2016 | set_bit(MMF_DUMP_SECURELY, &mm->flags); | 2016 | set_bit(MMF_DUMP_SECURELY, &mm->flags); |
| 2017 | smp_wmb(); | 2017 | smp_wmb(); |
| 2018 | set_bit(MMF_DUMPABLE, &mm->flags); | 2018 | set_bit(MMF_DUMPABLE, &mm->flags); |
| @@ -2025,7 +2025,7 @@ static int __get_dumpable(unsigned long mm_flags) | |||
| 2025 | int ret; | 2025 | int ret; |
| 2026 | 2026 | ||
| 2027 | ret = mm_flags & MMF_DUMPABLE_MASK; | 2027 | ret = mm_flags & MMF_DUMPABLE_MASK; |
| 2028 | return (ret >= 2) ? 2 : ret; | 2028 | return (ret > SUID_DUMPABLE_ENABLED) ? SUID_DUMPABLE_SAFE : ret; |
| 2029 | } | 2029 | } |
| 2030 | 2030 | ||
| 2031 | int get_dumpable(struct mm_struct *mm) | 2031 | int get_dumpable(struct mm_struct *mm) |
| @@ -2142,7 +2142,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | |||
| 2142 | * so we dump it as root in mode 2, and only into a controlled | 2142 | * so we dump it as root in mode 2, and only into a controlled |
| 2143 | * environment (pipe handler or fully qualified path). | 2143 | * environment (pipe handler or fully qualified path). |
| 2144 | */ | 2144 | */ |
| 2145 | if (__get_dumpable(cprm.mm_flags) == 2) { | 2145 | if (__get_dumpable(cprm.mm_flags) == SUID_DUMPABLE_SAFE) { |
| 2146 | /* Setuid core dump mode */ | 2146 | /* Setuid core dump mode */ |
| 2147 | flag = O_EXCL; /* Stop rewrite attacks */ | 2147 | flag = O_EXCL; /* Stop rewrite attacks */ |
| 2148 | cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ | 2148 | cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ |