diff options
author | Roland McGrath <roland@redhat.com> | 2007-11-11 19:13:43 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-11-12 10:32:29 -0800 |
commit | 00ec99da43a7c2aed46c6595aa271b84bb1b1462 (patch) | |
tree | 88eec24facdcba422db6a13206d4586daef9e1ad /Documentation/pm.txt | |
parent | 6e800af233e0bdf108efb7bd23c11ea6fa34cdeb (diff) | |
download | op-kernel-dev-00ec99da43a7c2aed46c6595aa271b84bb1b1462.zip op-kernel-dev-00ec99da43a7c2aed46c6595aa271b84bb1b1462.tar.gz |
core dump: remain dumpable
The coredump code always calls set_dumpable(0) when it starts (even
if RLIMIT_CORE prevents any core from being dumped). The effect of
this (via task_dumpable) is to make /proc/pid/* files owned by root
instead of the user, so the user can no longer examine his own
process--in a case where there was never any privileged data to
protect. This affects e.g. auxv, environ, fd; in Fedora (execshield)
kernels, also maps. In practice, you can only notice this when a
debugger has requested PTRACE_EVENT_EXIT tracing.
set_dumpable was only used in do_coredump for synchronization and not
intended for any security purpose. (It doesn't secure anything that wasn't
already unsecured when a process dies by SIGTERM instead of SIGQUIT.)
This changes do_coredump to check the core_waiters count as the means of
synchronization, which is sufficient. Now we leave the "dumpable" bits alone.
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation/pm.txt')
0 files changed, 0 insertions, 0 deletions