Re: [PATCH] exec: Weaken dumpability for secureexec

From: Laura Abbott
Date: Wed Jan 03 2018 - 12:34:16 EST


On 01/03/2018 09:21 AM, Kees Cook wrote:
> On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley <horsley1953@xxxxxxxxx> wrote:
>> On Wed, 3 Jan 2018 01:04:44 -0600
>> Serge E. Hallyn wrote:
>>
>>>> This weakens dumpability back to checking only for uid/gid changes in
>>>> current (which is useless), but userspace depends on dumpability not
>>>> being tied to secureexec.
>>>>
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1528633
>>>>
>>>> Reported-by: Tom Horsley <horsley1953@xxxxxxxxx>
>>>
>>> Seems right, any chance we could get a tested-by: Tom? (Did we already
>>> get that?)
>>
>> I didn't test it myself, but all I'd do is run the test program
>> I've attached to the bugzilla above which is trivial compared
>> to learning how to patch and build kernels. So it would be
>> much simpler for someone with the kernel already built to
>> extract the tarball and type make :-).
>
> This is what I did to verify it. Thank you very much for the test case!
>
> -Kees


I ran the test case again and can confirm that it works. I didn't
get a chance to try the other test case I reported (coredumping
systemd units) but I pointed the reporter to the patch.

Thanks,
Laura