1 files changed, 20 insertions, 0 deletions
diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt
index 0b62c62142cf..5c3a51905969 100644
--- a/Documentation/sysctl/fs.txt
+++ b/Documentation/sysctl/fs.txt
@@ -25,6 +25,7 @@ Currently, these files are in /proc/sys/fs:
 - inode-state
 - overflowuid
 - overflowgid
+- suid_dumpable
 - super-max
 - super-nr
@@ -131,6 +132,25 @@ The default is 65534.
 ==============================================================
+suid_dumpable:
+This value can be used to query and set the core dump mode for setuid
+or otherwise protected/tainted binaries. The modes are
+0 - (default) - traditional behaviour. Any process which has changed
+        privilege levels or is execute only will not be dumped
+1 - (debug) - all processes dump core when possible. The core dump is
+        owned by the current user and no security is applied. This is
+        intended for system debugging situations only. Ptrace is unchecked.
+2 - (suidsafe) - any binary which normally would not be dumped is dumped
+        readable by root only. This allows the end user to remove
+        such a dump but not access it directly. For security reasons
+        core dumps in this mode will not overwrite one another or
+        other files. This mode is appropriate when adminstrators are
+        attempting to debug problems in a normal environment.
+==============================================================
 super-max & super-nr:
 These numbers control the maximum number of superblocks, and

diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt index 0b62c62142cf..5c3a51905969 100644 --- a/Documentation/sysctl/fs.txt +++ b/Documentation/sysctl/fs.txt
@@ -25,6 +25,7 @@ Currently, these files are in /proc/sys/fs:
25	- inode-state	25	- inode-state
26	- overflowuid	26	- overflowuid
27	- overflowgid	27	- overflowgid
		28	- suid_dumpable
28	- super-max	29	- super-max
29	- super-nr	30	- super-nr
30		31
@@ -131,6 +132,25 @@ The default is 65534.
131		132
132	==============================================================	133	==============================================================
133		134
		135	suid_dumpable:
		136
		137	This value can be used to query and set the core dump mode for setuid
		138	or otherwise protected/tainted binaries. The modes are
		139
		140	0 - (default) - traditional behaviour. Any process which has changed
		141	privilege levels or is execute only will not be dumped
		142	1 - (debug) - all processes dump core when possible. The core dump is
		143	owned by the current user and no security is applied. This is
		144	intended for system debugging situations only. Ptrace is unchecked.
		145	2 - (suidsafe) - any binary which normally would not be dumped is dumped
		146	readable by root only. This allows the end user to remove
		147	such a dump but not access it directly. For security reasons
		148	core dumps in this mode will not overwrite one another or
		149	other files. This mode is appropriate when adminstrators are
		150	attempting to debug problems in a normal environment.
		151
		152	==============================================================
		153
134	super-max & super-nr:	154	super-max & super-nr:
135		155
136	These numbers control the maximum number of superblocks, and	156	These numbers control the maximum number of superblocks, and