Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3

From: Andrew Morton
Date: Fri Jun 22 2012 - 17:57:09 EST

Next message: Mandeep Singh Baines: "[PATCH v2] x86, mm: only wait for flushes from online cpus"
Previous message: Andrew Morton: "Re: [PATCH] printk: Add printk_flush() to force buffered text toconsole"
In reply to: Kees Cook: "Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3"
Next in thread: Kees Cook: "Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 22 Jun 2012 14:51:54 -0700
Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> > And how serious is the security vulnerability, in real-world terms?
> > Serious enough to risk this amount of bustage?
>
> If they're running in mode "2" and they do not have a coredump pipe
> handler defined, local users can gain root access.

But the kernel can detect this case and avoid it? If we do that at the same
time, we can avoid any mode=2 non-back-compatible breakage?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mandeep Singh Baines: "[PATCH v2] x86, mm: only wait for flushes from online cpus"
Previous message: Andrew Morton: "Re: [PATCH] printk: Add printk_flush() to force buffered text toconsole"
In reply to: Kees Cook: "Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3"
Next in thread: Kees Cook: "Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]