Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1762232Ab2FVOVj (ORCPT ); Fri, 22 Jun 2012 10:21:39 -0400 Received: from out01.mta.xmission.com ([166.70.13.231]:46154 "EHLO out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1762132Ab2FVOVh (ORCPT ); Fri, 22 Jun 2012 10:21:37 -0400 From: ebiederm@xmission.com (Eric W. Biederman) To: Kees Cook Cc: linux-kernel@vger.kernel.org, Rob Landley , Alexander Viro , Alan Cox , Marcel Holtmann , Doug Ledford , Andrew Morton , Serge Hallyn , Joe Korty , David Howells , James Morris , linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org References: <20120622000049.GA7877@www.outflux.net> Date: Fri, 22 Jun 2012 07:21:21 -0700 In-Reply-To: <20120622000049.GA7877@www.outflux.net> (Kees Cook's message of "Thu, 21 Jun 2012 17:00:49 -0700") Message-ID: <87ipejo2am.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=;;;mid=;;;hst=in01.mta.xmission.com;;;ip=98.207.153.68;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1/roZNSRLpWgjz0HkzNIdq+RHWMB6C7tlk= X-SA-Exim-Connect-IP: 98.207.153.68 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.1 XMSubLong Long Subject * 0.0 T_TM2_M_HEADER_IN_MSG BODY: T_TM2_M_HEADER_IN_MSG * -3.0 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa02 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject * 0.0 T_TooManySym_02 5+ unique symbols in subject X-Spam-DCC: XMission; sa02 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Kees Cook X-Spam-Relay-Country: Subject: Re: [PATCH v2] fs: introduce pipe-only dump mode suid_dumpable=3 X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Fri, 06 Aug 2010 16:31:04 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1706 Lines: 48 Kees Cook writes: > This patch introduces suid_dumpable=3 to allow privilege-changed processes > to be dumped only to a pipe handler (and not directly to disk). The value > of suid_dumpable=2 is now deprecated, and attempting to set this sysctl > value returns -EINVAL. Your patch descriptoin is wrong. Deprecate means something is encouraged not to be used not that the functionality is removed. I think what you are trying to say is that the value suid_dumpable=2 is now historic. Your implementation is absolutely gross. Reading the value from twice from user space?? Is an if statement that hard to code? Eric > +/* Allow only the integers 0, 1, and 3. */ > +static int proc_dointvec_suid_dumpable(struct ctl_table *table, int write, > + void __user *buffer, size_t *lenp, loff_t *ppos) > +{ > + int rc, min, max; > + struct do_proc_dointvec_minmax_conv_param param = { > + .min = &min, > + .max = &max, > + }; > + > + min = 0; > + max = 1; > + rc = do_proc_dointvec(table, write, buffer, lenp, ppos, > + do_proc_dointvec_minmax_conv, ¶m); > + if (rc != -EINVAL) > + return rc; > + > + min = 3; > + max = 3; > + rc = do_proc_dointvec(table, write, buffer, lenp, ppos, > + do_proc_dointvec_minmax_conv, ¶m); > + return rc; > +} > + > static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write, > void __user *buffer, > size_t *lenp, loff_t *ppos, -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/