> if (current->euid != old_euid)
> current->dumpable = 0;
> ~~~~~~~~~~~~~~~~~~~~~~
>
> I _think_ that if I'm suser(), than current->dumpable should not be
> reset. After all, that program now lost all it privilegs and there are
> probably other ways how to read its address space - so there may be
> nothing important in there.
Imagine you still have parts of /etc/shadow in your process memory,
then you change euid to some user and the user sends a kill -ABRT to
your process. Then he has /etc/shadow in the core file. The check
should be not changed IMHO.
-Andi