aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorAlan Cox <alan@lxorguk.ukuu.org.uk>2005-06-23 03:09:43 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-06-23 12:45:26 -0400
commitd6e711448137ca3301512cec41a2c2ce852b3d0a (patch)
treef0765ebd90fdbdf270c05fcd7f3d32b24ba56681 /Documentation
parent8b0914ea7475615c7c8965c1ac8fe4069270f25c (diff)
[PATCH] setuid core dump
Add a new `suid_dumpable' sysctl: This value can be used to query and set the core dump mode for setuid or otherwise protected/tainted binaries. The modes are 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped 1 - (debug) - all processes dump core when possible. The core dump is owned by the current user and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked. 2 - (suidsafe) - any binary which normally would not be dumped is dumped readable by root only. This allows the end user to remove such a dump but not access it directly. For security reasons core dumps in this mode will not overwrite one another or other files. This mode is appropriate when adminstrators are attempting to debug problems in a normal environment. (akpm: > > +EXPORT_SYMBOL(suid_dumpable); > > EXPORT_SYMBOL_GPL? No problem to me. > > if (current->euid == current->uid && current->egid == current->gid) > > current->mm->dumpable = 1; > > Should this be SUID_DUMP_USER? Actually the feedback I had from last time was that the SUID_ defines should go because its clearer to follow the numbers. They can go everywhere (and there are lots of places where dumpable is tested/used as a bool in untouched code) > Maybe this should be renamed to `dump_policy' or something. Doing that > would help us catch any code which isn't using the #defines, too. Fair comment. The patch was designed to be easy to maintain for Red Hat rather than for merging. Changing that field would create a gigantic diff because it is used all over the place. ) Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/sysctl/kernel.txt20
1 files changed, 20 insertions, 0 deletions
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 35159176997b..9f11d36a8c10 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -49,6 +49,7 @@ show up in /proc/sys/kernel:
49- shmmax [ sysv ipc ] 49- shmmax [ sysv ipc ]
50- shmmni 50- shmmni
51- stop-a [ SPARC only ] 51- stop-a [ SPARC only ]
52- suid_dumpable
52- sysrq ==> Documentation/sysrq.txt 53- sysrq ==> Documentation/sysrq.txt
53- tainted 54- tainted
54- threads-max 55- threads-max
@@ -300,6 +301,25 @@ kernel. This value defaults to SHMMAX.
300 301
301============================================================== 302==============================================================
302 303
304suid_dumpable:
305
306This value can be used to query and set the core dump mode for setuid
307or otherwise protected/tainted binaries. The modes are
308
3090 - (default) - traditional behaviour. Any process which has changed
310 privilege levels or is execute only will not be dumped
3111 - (debug) - all processes dump core when possible. The core dump is
312 owned by the current user and no security is applied. This is
313 intended for system debugging situations only. Ptrace is unchecked.
3142 - (suidsafe) - any binary which normally would not be dumped is dumped
315 readable by root only. This allows the end user to remove
316 such a dump but not access it directly. For security reasons
317 core dumps in this mode will not overwrite one another or
318 other files. This mode is appropriate when adminstrators are
319 attempting to debug problems in a normal environment.
320
321==============================================================
322
303tainted: 323tainted:
304 324
305Non-zero if the kernel has been tainted. Numeric values, which 325Non-zero if the kernel has been tainted. Numeric values, which