korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-22 04:31:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
d6e7114481
linux/fs
History
Alan Cox d6e7114481 [PATCH] setuid core dump 
Add a new `suid_dumpable' sysctl:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour.  Any process which has changed
    privilege levels or is execute only will not be dumped

1 - (debug) - all processes dump core when possible.  The core dump is
    owned by the current user and no security is applied.  This is intended
    for system debugging situations only.  Ptrace is unchecked.

2 - (suidsafe) - any binary which normally would not be dumped is dumped
    readable by root only.  This allows the end user to remove such a dump but
    not access it directly.  For security reasons core dumps in this mode will
    not overwrite one another or other files.  This mode is appropriate when
    adminstrators are attempting to debug problems in a normal environment.

(akpm:

> > +EXPORT_SYMBOL(suid_dumpable);
>
> EXPORT_SYMBOL_GPL?

No problem to me.

> >  	if (current->euid == current->uid && current->egid == current->gid)
> >  		current->mm->dumpable = 1;
>
> Should this be SUID_DUMP_USER?

Actually the feedback I had from last time was that the SUID_ defines
should go because its clearer to follow the numbers. They can go
everywhere (and there are lots of places where dumpable is tested/used
as a bool in untouched code)

> Maybe this should be renamed to `dump_policy' or something.  Doing that
> would help us catch any code which isn't using the #defines, too.

Fair comment. The patch was designed to be easy to maintain for Red Hat
rather than for merging. Changing that field would create a gigantic
diff because it is used all over the place.

)

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 09:45:26 -07:00
..
adfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
affs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
afs [PATCH] Exterminate PAGE_BUG 2005-05-01 08:59:01 -07:00
autofs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
autofs4 [PATCH] autofs4: bad lookup fix 2005-06-21 19:07:35 -07:00
befs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cifs [CIFS] Fix cifs update of page cache. Write at correct offset when out of memory 2005-06-09 14:44:07 -07:00
coda [PATCH] class: convert the remaining class_simple users in the kernel to usee the new class api 2005-06-20 15:15:11 -07:00
cramfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
debugfs [PATCH] remove duplicate get_dentry functions in various places 2005-06-23 09:45:20 -07:00
devfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
devpts Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
efs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
exportfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ext2 [PATCH] ext2 corruption - regression between 2.6.9 and 2.6.10 2005-04-16 15:25:45 -07:00
ext3 [PATCH] quota: consolidate code surrounding vfs_quota_on_mount 2005-06-23 09:45:20 -07:00
fat Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
freevxfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
hfs [PATCH] hfs, hfsplus: don't leak s_fs_info and fix an oops 2005-05-01 08:59:16 -07:00
hfsplus [PATCH] hfs, hfsplus: don't leak s_fs_info and fix an oops 2005-05-01 08:59:16 -07:00
hostfs [PATCH] uml: remove 2_5compat.h 2005-05-28 16:46:11 -07:00
hpfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
hppfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
hugetlbfs [PATCH] Avoiding mmap fragmentation 2005-06-21 18:46:16 -07:00
isofs [PATCH] isofs: show hidden files, add granularity for assoc/hidden files flags 2005-06-21 19:07:38 -07:00
jbd [PATCH] ext3: fix list scanning in __cleanup_transaction 2005-06-02 15:12:29 -07:00
jffs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
jffs2 [PATCH] make some things static 2005-05-05 16:36:47 -07:00
jfs JFS: Fix compiler warning in jfs_logmgr.c 2005-06-03 14:09:54 -05:00
lockd [PATCH] NLM: fix a client-side race on blocking locks. 2005-06-22 16:07:42 -04:00
minix Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
msdos Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ncpfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nfs [PATCH] NFS: Add debugging code to NFSv4 readdir 2005-06-22 16:07:44 -04:00
nfs_common [PATCH] NFSD: Add server support for NFSv3 ACLs. 2005-06-22 16:07:23 -04:00
nfsd [PATCH] fix nfsacl pointer arithmetic and pg_class initialization bugs 2005-06-22 16:07:27 -04:00
nls [PATCH] make some things static 2005-05-05 16:36:47 -07:00
ntfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
openpromfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
partitions [PATCH] revert msdos partitioning fix 2005-05-06 22:09:27 -07:00
proc [PATCH] setuid core dump 2005-06-23 09:45:26 -07:00
qnx4 Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ramfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
reiserfs [PATCH] quota: consolidate code surrounding vfs_quota_on_mount 2005-06-23 09:45:20 -07:00
romfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
smbfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sysfs [PATCH] remove duplicate get_dentry functions in various places 2005-06-23 09:45:20 -07:00
sysv Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
udf [PATCH] UDF filesystem: array '__mon_yday' declared as not static 2005-05-31 14:54:18 -07:00
ufs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
umsdos Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
vfat Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfs Merge rsync://oss.sgi.com/git/xfs-2.6 2005-06-21 19:51:18 -07:00
aio.c [PATCH] aio: optimize io_submit_one() 2005-05-01 08:59:16 -07:00
attr.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bad_inode.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
binfmt_aout.c [PATCH] Avoiding mmap fragmentation 2005-06-21 18:46:16 -07:00
binfmt_elf_fdpic.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_elf.c [PATCH] Avoiding mmap fragmentation 2005-06-21 18:46:16 -07:00
binfmt_em86.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_flat.c [PATCH] binfmt_flat mmap flag fix 2005-06-06 14:57:51 -07:00
binfmt_misc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_script.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_som.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bio.c [PATCH] DocBook: fix some descriptions 2005-05-01 08:59:26 -07:00
block_dev.c [PATCH] remove do_sync parameter from __invalidate_device 2005-05-05 16:36:44 -07:00
buffer.c [PATCH] vm: try_to_free_pages unused argument 2005-06-21 18:46:17 -07:00
char_dev.c [PATCH] add check to /proc/devices read routines 2005-06-23 09:45:19 -07:00
compat_ioctl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
compat.c [PATCH] NFS4: Don't use __user with compat_uptr_t 2005-04-27 15:39:03 -07:00
dcache.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
dcookies.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
direct-io.c [PATCH] Direct IO async short read fix 2005-04-16 15:25:50 -07:00
dnotify.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dquot.c [PATCH] quota: sanitize dentry handling in vfs_quota_on_mount 2005-06-23 09:45:20 -07:00
eventpoll.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
exec.c [PATCH] setuid core dump 2005-06-23 09:45:26 -07:00
fcntl.c [PATCH] convert that currently tests _NSIG directly to use valid_signal() 2005-05-01 08:59:14 -07:00
fifo.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
file_table.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
file.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
filesystems.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fs-writeback.c [PATCH] DocBook: fix some descriptions 2005-05-01 08:59:26 -07:00
inode.c [PATCH] fix for prune_icache()/forced final iput() races 2005-06-23 09:45:17 -07:00
ioctl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Kconfig [PATCH] NFS: Add support for NFSv3 ACLs 2005-06-22 16:07:24 -04:00
Kconfig.binfmt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
libfs.c [PATCH] libfs: add simple attribute files 2005-06-20 15:15:30 -07:00
locks.c [PATCH] VFS: Ensure that all the on-stack struct file_lock call fl_release_private 2005-06-22 16:07:40 -04:00
Makefile [PATCH] NFSD: Add server support for NFSv3 ACLs. 2005-06-22 16:07:23 -04:00
mbcache.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
mpage.c [PATCH] mpage_end_io_write() I/O error handling fix 2005-06-04 17:12:59 -07:00
namei.c [PATCH] namei fixes (19/19) 2005-06-06 14:42:27 -07:00
namespace.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nfsctl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
open.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pipe.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
posix_acl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
quota_v1.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
quota_v2.c [PATCH] quota: possible bug in quota format v2 support 2005-04-16 15:25:47 -07:00
quota.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
read_write.c [PATCH] undo do_readv_writev() behavior change 2005-04-16 15:25:49 -07:00
readdir.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
select.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
seq_file.c [PATCH] DocBook: fix some descriptions 2005-05-01 08:59:26 -07:00
stat.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
super.c [PATCH] VFS: memory leak in do_kern_mount() 2005-06-21 18:46:22 -07:00
xattr_acl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xattr.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00