aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorAlan Cox <alan@lxorguk.ukuu.org.uk>2005-06-23 03:09:43 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-06-23 12:45:26 -0400
commitd6e711448137ca3301512cec41a2c2ce852b3d0a (patch)
treef0765ebd90fdbdf270c05fcd7f3d32b24ba56681 /include
parent8b0914ea7475615c7c8965c1ac8fe4069270f25c (diff)
[PATCH] setuid core dump
Add a new `suid_dumpable' sysctl: This value can be used to query and set the core dump mode for setuid or otherwise protected/tainted binaries. The modes are 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped 1 - (debug) - all processes dump core when possible. The core dump is owned by the current user and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked. 2 - (suidsafe) - any binary which normally would not be dumped is dumped readable by root only. This allows the end user to remove such a dump but not access it directly. For security reasons core dumps in this mode will not overwrite one another or other files. This mode is appropriate when adminstrators are attempting to debug problems in a normal environment. (akpm: > > +EXPORT_SYMBOL(suid_dumpable); > > EXPORT_SYMBOL_GPL? No problem to me. > > if (current->euid == current->uid && current->egid == current->gid) > > current->mm->dumpable = 1; > > Should this be SUID_DUMP_USER? Actually the feedback I had from last time was that the SUID_ defines should go because its clearer to follow the numbers. They can go everywhere (and there are lots of places where dumpable is tested/used as a bool in untouched code) > Maybe this should be renamed to `dump_policy' or something. Doing that > would help us catch any code which isn't using the #defines, too. Fair comment. The patch was designed to be easy to maintain for Red Hat rather than for merging. Changing that field would create a gigantic diff because it is used all over the place. ) Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/binfmts.h5
-rw-r--r--include/linux/sched.h2
-rw-r--r--include/linux/sysctl.h1
3 files changed, 7 insertions, 1 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 7e736e201c46..c1e82c514443 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -69,6 +69,11 @@ extern void remove_arg_zero(struct linux_binprm *);
69extern int search_binary_handler(struct linux_binprm *,struct pt_regs *); 69extern int search_binary_handler(struct linux_binprm *,struct pt_regs *);
70extern int flush_old_exec(struct linux_binprm * bprm); 70extern int flush_old_exec(struct linux_binprm * bprm);
71 71
72extern int suid_dumpable;
73#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
74#define SUID_DUMP_USER 1 /* Dump as user of process */
75#define SUID_DUMP_ROOT 2 /* Dump as root */
76
72/* Stack area protections */ 77/* Stack area protections */
73#define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */ 78#define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */
74#define EXSTACK_DISABLE_X 1 /* Disable executable stacks */ 79#define EXSTACK_DISABLE_X 1 /* Disable executable stacks */
diff --git a/include/linux/sched.h b/include/linux/sched.h
index b58afd97a180..901742f92389 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -246,7 +246,7 @@ struct mm_struct {
246 246
247 unsigned long saved_auxv[42]; /* for /proc/PID/auxv */ 247 unsigned long saved_auxv[42]; /* for /proc/PID/auxv */
248 248
249 unsigned dumpable:1; 249 unsigned dumpable:2;
250 cpumask_t cpu_vm_mask; 250 cpumask_t cpu_vm_mask;
251 251
252 /* Architecture-specific MM context */ 252 /* Architecture-specific MM context */
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index a17745c80a91..614e939c78a4 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -136,6 +136,7 @@ enum
136 KERN_UNKNOWN_NMI_PANIC=66, /* int: unknown nmi panic flag */ 136 KERN_UNKNOWN_NMI_PANIC=66, /* int: unknown nmi panic flag */
137 KERN_BOOTLOADER_TYPE=67, /* int: boot loader type */ 137 KERN_BOOTLOADER_TYPE=67, /* int: boot loader type */
138 KERN_RANDOMIZE=68, /* int: randomize virtual address space */ 138 KERN_RANDOMIZE=68, /* int: randomize virtual address space */
139 KERN_SETUID_DUMPABLE=69, /* int: behaviour of dumps for setuid core */
139}; 140};
140 141
141 142