On Fri, 22 Jun 2012 12:24:13 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> The value
> of suid_dumpable=2 is now historic, and attempting to set this sysctl
> value returns -EINVAL.

This sounds a bit harsh - will it not cause existing configurations to
immediately break? If so, would it not be better to retain the =2 mode
for a while, and emit a nice warning when it is set?

>
> ...
>
> +/* Allow only the valid suid_dumpable values. */
> +static int do_proc_dointvec_suid_dumpable_conv(bool *negp,
> + unsigned long *lvalp, int *valp, int write, void *data)
> +{
> + if (write) {
> + int val = *negp ? -*lvalp : *lvalp;
> + if (val != SUID_DUMPABLE_DISABLED &&
> + val != SUID_DUMPABLE_ENABLED &&
> + val != SUID_DUMPABLE_PIPE_ONLY)
> + return -EINVAL;
> + *valp = val;
> + } else {
> + int val = *valp;
> + if (val < 0) {
> + *negp = true;
> + *lvalp = (unsigned long)-val;
> + } else {
> + *negp = false;
> + *lvalp = (unsigned long)val;

Those two typecasts are unneeded.

> + }
> + }
> + return 0;
> +}
> +
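Review bot: the bespoke conv function in this hunk is more machinery than the check needs; if SUID_DUMPABLE_DISABLED, SUID_DUMPABLE_ENABLED and SUID_DUMPABLE_PIPE_ONLY are the contiguous values 0, 1 and 2 their names suggest, the same rejection of every other value can be had by pointing the suid_dumpable sysctl entry at the existing proc_dointvec_minmax handler with .extra1/.extra2 bounds, which removes the whole read-side branch (including the two casts already flagged) and the chance of this function drifting from the generic one. If the custom conv stays, note that the comparison runs after `int val = *negp ? -*lvalp : *lvalp;` has narrowed the unsigned long to int, so a written value above INT_MAX that wraps to 0, 1 or 2 still passes the check; reject `*lvalp > INT_MAX` (and any `*negp` write, since no valid value is negative) before the conversion rather than after it.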