Hi Jonny,

On 6/6/20 11:16 PM, Jonny Grant wrote:
>
>
> On 06/06/2020 20:39, Michael Kerrisk (man-pages) wrote:
>> On Sat, 6 Jun 2020 at 20:32, Jakub Wilk <jwilk@xxxxxxxxx> wrote:
>>>
>>> * Jonny Grant <jg@xxxxxxxx>, 2020-06-06, 16:45:
>>>>>> 3) Could I ask to clarify my understanding. For this "The binary
>>>>>> being executed by the process does not have read permission enabled."
>>>>>> -- is this when the binary permissions are changed after it starts
>>>>>> running?
>>>>> No, AFAICS the permission check is done when the process starts.
>>>> How can the process start if the binary file doesn't have read
>>>> permissions enabled?
>>>
>>> It's a bit weird, but the kernel doesn't mind:
>>>
>>> $ cp /bin/ls .
>>> $ chmod a-r ls
>>> $ ./ls -l ls
>>> --wx--x--x 1 jwilk jwilk 138856 Jun  6 20:22 ls
>>
>> And from core(5):
>>
>>        There are various circumstances in which a core dump file is not
>>        produced:
>>        ...
>>        *  The binary being executed by the process does not have read
>>           permission enabled.
>>
>> So, the binary can be executed, but not read, and will not do a core
>> dump (since that might be readable).
>>
>> Thanks,
>>
>> Michael
>
> Hi Michael, Jakub,
>
> It sounds like a good security feature. Could that be documented on the man page as the reason?
>
> i.e. something like this:
>
> * The binary being executed by the process does not have read
> permission enabled, therefore a core file would reveal information in
> a readable file, so it cannot be dumped.

Thanks for the suggested wording. I applied the patch below.

Thanks,

Michael

diff --git a/man5/core.5 b/man5/core.5 index 456366ea6..0d7b7b617 100644 --- a/man5/core.5 +++ b/man5/core.5
@@ -90,6 +90,10 @@ in .IP * The binary being executed by the process does not have read permission enabled. +(This is a security measure to +ensure that an executable whose contents are not readable +does not produce a\(empossibly readable\(emcore dump containing +an image of the executable.) .IP * The process is executing a set-user-ID (set-group-ID) program that is owned by a user (group) other than the real user (group) -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
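Review bot: the new parenthetical explains why the core dump is suppressed but not when the read-permission check is applied, which is the question that started this thread (whether the clause refers to permissions changed after the process has started; Jakub's answer above was that the check is done when the process starts). Consider adding one sentence after the parenthetical along the lines of "This check is made when the program is executed; changes to the file's permissions after that point do not affect it." so that the next reader of core(5) does not have to ask the same question. The `\(em` escapes for the em dashes are the right idiom for the groff source and need no change.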