Re: [PATCH] fs: make dumpable=2 only write to a pipe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 21 Jun 2012 12:43:19 -0700
Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> When the suid_dumpable sysctl is set to "2", and there is no
> core dump pipe defined in the core_pattern sysctl, a local user
> can cause core files to be written to root-writable directories,
> potentially with user-controlled content. This means an admin
> can unknowningly reintroduce a variation of CVE-2006-2451 (see
> abf75a5033d4da7b8a7e92321d74021d1fcfb502).

Its intended to work the way it does. It's also ABI. I think pipe-only is
a really good idea. Likewise I accept with the pipe feature nowdays there
is a good case to kill off case 2.

However I don't think magically turning one into the other is sensible,
in fact its *stupid* IMHO because it's asking systems to get unexpected
behaviour.

I would much rather see case 2 either left as is, or set to return
-EINVAL (or similar) and a new case 3 for pipe only.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux