Re: [PATCH] exec: Weaken dumpability for secureexec

From: Kees Cook
Date: Wed Jan 03 2018 - 12:21:47 EST


On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley <horsley1953@xxxxxxxxx> wrote:
> On Wed, 3 Jan 2018 01:04:44 -0600
> Serge E. Hallyn wrote:
>
>> > This weakens dumpability back to checking only for uid/gid changes in
>> > current (which is useless), but userspace depends on dumpability not
>> > being tied to secureexec.
>> >
>> > https://bugzilla.redhat.com/show_bug.cgi?id=1528633
>> >
>> > Reported-by: Tom Horsley <horsley1953@xxxxxxxxx>
>>
>> Seems right, any chance we could get a tested-by: Tom? (Did we already
>> get that?)
>
> I didn't test it myself, but all I'd do is run the test program
> I've attached to the bugzilla above which is trivial compared
> to be learning how to patch and build kernels. So it would be
> much simpler for someone with the kernel already built to
> extract the tarball and type make :-).

This is what I did to verify it. Thank you very much for the test case!

-Kees

--
Kees Cook
Pixel Security