Re: [PATCH 1/3] coredump: cleanup documentation for suid_dumpable

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Eugene Teo <eugeneteo@...>

Cc: <linux-kernel@...>, Kawai, Hidehiro <hidehiro.kawai.ez@...>, Neil Horman <nhorman@...>, Bryan Wu <bryan.wu@...>

Subject: Re: [PATCH 1/3] coredump: cleanup documentation for suid_dumpable

Date: Wednesday, August 1, 2007 - 8:28 am

> > NAK - this feature is actively used and can be set by the sysctl
quoted text> > interface. The PRCTL fixup was just a bug being fixed. The sysctl
> > interface is still relevant.
> 
> Thank you for correcting me. Appreciated. I am not aware that it is still
> being actively used. May I know who or which program is using this feature?

Not programs - people. 

When you want to debug a large complex system with multiple setuid
applications it can rapidly get quite unpleasant. If you
set /proc/sys/kernel/suid_dumpable to 2 and /proc/sys/kernel/core_pattern
then it becomes possible to get hold of all the core dumps and debug the
system as a whole. The system is not secure in this state but while you
are doing that kind of debug on a devel system its usually acceptable.

Secondly we don't break userspace interfaces except in extreme cases -
proc/sys/kernel/suid_dumpable is a user space interface

Alan
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 0/3] coredump: setuid core dump cleanups, Eugene Teo, (Tue Jul 31, 3:02 am)

[PATCH 3/3] coredump: re-implement suid_dumpable using a flag, Eugene Teo, (Tue Jul 31, 3:05 am)

Re: [PATCH 3/3] coredump: re-implement suid_dumpable using a..., Alan Cox, (Tue Jul 31, 4:15 am)

[PATCH 2/3] coredump: remove suidsafe mode related dead code, Eugene Teo, (Tue Jul 31, 3:04 am)

Re: [PATCH 2/3] coredump: remove suidsafe mode related dead ..., Alan Cox, (Tue Jul 31, 4:14 am)

[PATCH 1/3] coredump: cleanup documentation for suid_dumpable, Eugene Teo, (Tue Jul 31, 3:03 am)

Re: [PATCH 1/3] coredump: cleanup documentation for suid_dum..., Alan Cox, (Tue Jul 31, 4:13 am)

Re: [PATCH 1/3] coredump: cleanup documentation for suid_dum..., Eugene Teo, (Tue Jul 31, 10:31 pm)

Re: [PATCH 1/3] coredump: cleanup documentation for suid_dum..., Alan Cox, (Wed Aug 1, 8:28 am)


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
Artem Bityutskiy	[PATCH 18/44 take 2] [UBI] build unit implementation
James Morris	Re: LSM conversion to static interface
git:

linux-netdev:
Paul Jackson	[PATCH] cpuset sched_load_balance kmalloc fix
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Linus Torvalds	Re: [GIT]: Networking
openbsd-misc:

Re: [PATCH 1/3] coredump: cleanup documentation for suid_dumpable

Online users