Date: Wed, 21 Apr 2004 18:18:27 -0700
From: Andrew Morton <akpm@osdl.org>
To: Peter =?ISO-8859-1?B?V+RjaHRsZXI=?= <pwaechtler@mac.com>
Cc: linux-kernel@vger.kernel.org, torvalds@osdl.org
Subject: Re: [PATCH] coredump - as root not only if euid switched
Message-Id: <20040421181827.5c2b5405.akpm@osdl.org>
In-Reply-To: <1082575247.3052.21.camel@picklock.adams.family>
References: <1082575247.3052.21.camel@picklock.adams.family>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1289
Lines: 36

Peter W?chtler <pwaechtler@mac.com> wrote:
>
> While it's more secure to not dump core at all if the program has
>  switched euid, it's also very unpractical. Since only programs 
>  started from root, being setuid root or have CAP_SETUID it's far 
>  more practical to dump as root.root mode 600. This is the bahavior 
>  of Solaris.
> 
>  The current implementation does not ensure that an existing core
>  file is only readable as root, i.e. after dumping the ownership 
>  and mode is unchanged.
> 
>  Besides mm->dumpable to avoid recursive core dumps, on setuid files 
>  the dumpable flag still prevents a core dump while seteuid & co will
>  result in a core only readable as root.

It's a bit sad to add another function call level to sys_unlink() simply
because the core dumping code needs it.

Is it not possible to call sys_unlink() directly from there?  Something like

long kernel_unlink(const char *name)
{
	mm_segment_t old_fs = get_fs();
	long ret;

	set_fs(KERNEL_DS);
	ret = sys_unlink(name);
	set_fs(old_fs);
	return ret;
}	
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/