Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3

On Fri, 22 Jun 2012 12:24:13 -0700
Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> The value
> of suid_dumpable=2 is now historic, and attempting to set this sysctl
> value returns -EINVAL.

This sounds a bit harsh - will it not cause existing configurations to
immediately break?  If so, would it not be better to retain the =2 mode
for a while, and emit a nice warning when it is set?

>
> ...
>
> +/* Allow only the valid suid_dumpable values. */
> +static int do_proc_dointvec_suid_dumpable_conv(bool *negp,
> +		unsigned long *lvalp, int *valp, int write, void *data)
> +{
> +	if (write) {
> +		int val = *negp ? -*lvalp : *lvalp;
> +		if (val != SUID_DUMPABLE_DISABLED &&
> +		    val != SUID_DUMPABLE_ENABLED &&
> +		    val != SUID_DUMPABLE_PIPE_ONLY)
> +			return -EINVAL;
> +		*valp = val;
> +	} else {
> +		int val = *valp;
> +		if (val < 0) {
> +			*negp = true;
> +			*lvalp = (unsigned long)-val;
> +		} else {
> +			*negp = false;
> +			*lvalp = (unsigned long)val;

Those two typecasts are unneeded.

> +		}
> +	}
> +	return 0;
> +}
> +
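
Review bot: in the write branch, `int val = *negp ? -*lvalp : *lvalp;` narrows an unsigned long to int before the three-way validity check, so where unsigned long is wider than int a written value that is out of range but whose low bits match an accepted constant would be truncated and pass the check. Reject the input when `*lvalp` exceeds INT_MAX (or compare the unsigned value against the allowed constants directly) before assigning to `val`. Since only non-negative values are accepted, a set `*negp` on write could simply return -EINVAL rather than being folded into the conversion.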
