Re: Core dumps and being root

David Schleef (ds@stm.lbl.gov)
Mon, 27 Jul 1998 16:04:36 -0700 (PDT)


>
> Someone pointed this out on irc and much to my surprise it's true.
>
> With 2.1.10x programs run as root by root with uid==gid euid==egid
> are not dumpable. So you can't core dump programs as root. This
> seems to be because
>
>     if (current->euid != current->uid || current->egid != current->gid ||
>         !cap_isclear(current->cap_permitted))
>             current->dumpable = 0;
>
> doesn't account for the superuser - who has special rights but shouldn't
> be stopped from core dumping as those rights are (in normal unix anyway)
> not 'raised' but implicit.
>
> Alan

Doesn't this open a huge security hole? Right now, a user can do the
following:

ln -s some_other_file core
./command_that_dumps_core

and get a core dump in some_other_file.

Now, suppose root can dump core. Then if there is a link from core to, say,
/etc/passwd, strategically located, and root dumps core in that directory...

I don't think there is a problem if root core dumps were always placed in
/root/core, or some other "safe" location. But not the current directory.

dave...
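
The symlink concern raised in this message, as an added user-space example that is not part of the original post and is not kernel code: a dump writer that follows a link named "core" next to one that refuses to. This is a different mitigation from the fixed-location idea in the message; the function names and the scratch directory under /tmp are assumptions made for the illustration.

```c
/* Added illustration (user space, constructed scenario); all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Dump writer as the message describes it: a symlink named "core" is followed. */
static int open_dump_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: never follow a link in the last component, never reuse an existing name. */
static int open_dump_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds a scratch directory where "core" is a symlink to a 10-byte file "victim",
 * makes one dump attempt, and returns the victim's size afterwards (-1 on setup error). */
static long victim_size_after(int (*open_dump)(const char *), int *dump_errno)
{
    char dir[] = "/tmp/coredemoXXXXXX", victim[64], core[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(core, sizeof core, "%s/core", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important\n", 10) != 10) return -1;
    close(fd);
    if (symlink(victim, core) != 0) return -1;
    fd = open_dump(core);               /* the dump attempt under test */
    *dump_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);             /* O_TRUNC has already emptied the target */
    long sz = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(core); unlink(victim); rmdir(dir);
    return sz;
}

int main(void)
{
    int e;
    long n = victim_size_after(open_dump_naive, &e);
    printf("naive: victim is now %ld bytes\n", n);
    n = victim_size_after(open_dump_safe, &e);
    printf("safe:  victim is still %ld bytes, open failed with errno %d\n", n, e);
    return 0;
}
```

The exclusive, no-follow open fails when anything already occupies the name, so a writer using it has to choose another name or skip the dump rather than overwrite.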
