Re: Core dumps and being root

Alexander Kjeldaas (astor@guardian.no)
Tue, 28 Jul 1998 11:50:37 +0200


On Mon, Jul 27, 1998 at 10:23:46PM +0100, Alan Cox wrote:
> Someone pointed this out on irc and much to my surprise it's true.
>
> With 2.1.10x programs run as root by root with uid==gid euid==egid
> are not dumpable. So you can't core dump programs as root. This
> seems to be because
>
> if (current->euid != current->uid || current->egid != current->gid ||
> !cap_isclear(current->cap_permitted))
> current->dumpable = 0;
>
> doesn't account for the superuser - who has special rights but shouldn't
> be stopped from core dumping as those rights are (in normal unix anyway)
> not 'raised' but implicit.
>

Yes, that test is definitively wrong. It should be the same test used
in prepare_binprm a few lines up for testing whether the executable
has "raised" capabilities. That is - test whether the new process'
permitted set has gained any bits on the previous process' permitted
set. Here's a patch cleaning up this function:

--- linux.patched/fs/exec.c.orig Tue Jul 28 11:23:24 1998
+++ linux.patched/fs/exec.c Tue Jul 28 11:35:31 1998
@@ -687,26 +687,31 @@

void compute_creds(struct linux_binprm *bprm)
{
+ current->suid = current->euid = current->fsuid = bprm->e_uid;
+ current->sgid = current->egid = current->fsgid = bprm->e_gid;
+
/* For init, we want to retain the capabilities set
* in the init_task struct. Thus we skip the usual
* capability rules */
if (current->pid != 1) {
- int new_permitted = bprm->cap_permitted.cap |
- (bprm->cap_inheritable.cap &
- current->cap_inheritable.cap);
+ kernel_cap_t new_permitted =
+ cap_combine(bprm->cap_permitted,
+ cap_intersect(bprm->cap_inheritable,
+ current->cap_inheritable));
+
+ /* Clear dumpable if suid-exec or we got some new
+ capabilities */
+ if (current->euid != current->uid ||
+ current->egid != current->gid ||
+ !cap_issubset(new_permitted, current->cap_permitted)) {
+ current->dumpable = 0;
+ }

- current->cap_permitted.cap = new_permitted;
- current->cap_effective.cap = new_permitted &
- bprm->cap_effective.cap;
+ current->cap_permitted = new_permitted;
+ current->cap_effective = cap_intersect(new_permitted,
+ bprm->cap_effective);
}
-
/* AUD: Audit candidate if current->cap_effective is set */
-
- current->suid = current->euid = current->fsuid = bprm->e_uid;
- current->sgid = current->egid = current->fsgid = bprm->e_gid;
- if (current->euid != current->uid || current->egid != current->gid ||
- !cap_isclear(current->cap_permitted))
- current->dumpable = 0;
}
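Review bot: the euid/egid half of the dumpable test now sits inside the `if (current->pid != 1)` block, whereas the removed lines `if (current->euid != current->uid || current->egid != current->gid || ...) current->dumpable = 0;` ran for every process, so a set-id exec by init (pid 1) no longer clears dumpable. If that is not intended, keep the uid/gid comparison outside the pid test and gate only the `!cap_issubset(new_permitted, current->cap_permitted)` comparison on it. The ordering of the capability comparison itself is right: it is evaluated before `current->cap_permitted = new_permitted;`, so it compares the new set against the caller's permitted set rather than against the one just assigned, which is what the covering text asks for.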


astor

-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/
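A small C model of the two dumpable tests discussed in this thread, added here as an illustration and not code from the kernel or from the patch author; the kernel_cap_t helpers are simplified single-word stand-ins for the kernel's, and the task and binprm values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's kernel_cap_t (one 32-bit mask); the
   helper names follow the kernel's, but these bodies are illustration only. */
typedef struct { uint32_t cap; } kernel_cap_t;
static kernel_cap_t cap_combine(kernel_cap_t a, kernel_cap_t b) { return (kernel_cap_t){ a.cap | b.cap }; }
static kernel_cap_t cap_intersect(kernel_cap_t a, kernel_cap_t b) { return (kernel_cap_t){ a.cap & b.cap }; }
static bool cap_isclear(kernel_cap_t a) { return a.cap == 0; }
static bool cap_issubset(kernel_cap_t a, kernel_cap_t b) { return (a.cap & ~b.cap) == 0; } /* every bit of a is in b */
/* Only the task and binprm fields that the dumpable decision reads. */
struct task   { unsigned uid, gid; kernel_cap_t cap_permitted, cap_inheritable; };
struct binprm { unsigned e_uid, e_gid; kernel_cap_t cap_permitted, cap_inheritable; };

/* Permitted set of the new image, as compute_creds derives it. */
static kernel_cap_t new_permitted(const struct task *t, const struct binprm *b)
{
    return cap_combine(b->cap_permitted, cap_intersect(b->cap_inheritable, t->cap_inheritable));
}

/* 2.1.10x test: any non-empty permitted set clears dumpable, so root, whose
   permitted set is never empty, can never dump core. Returns 1 when dumpable. */
int dumpable_old(const struct task *t, const struct binprm *b)
{
    if (b->e_uid != t->uid || b->e_gid != t->gid || !cap_isclear(new_permitted(t, b)))
        return 0;
    return 1;
}

/* Patched test: clear dumpable only on a set-id exec, or when the new permitted
   set gains bits the caller's permitted set did not already hold. */
int dumpable_new(const struct task *t, const struct binprm *b)
{
    if (b->e_uid != t->uid || b->e_gid != t->gid ||
        !cap_issubset(new_permitted(t, b), t->cap_permitted))
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed values: root (full caps) running a plain binary. */
    struct task root = { 0, 0, { 0xffffffffu }, { 0xffffffffu } };
    struct binprm plain = { 0, 0, { 0 }, { 0xffffffffu } };
    printf("root exec plain: old=%d new=%d\n",
           dumpable_old(&root, &plain), dumpable_new(&root, &plain)); /* old=0 new=1 */
    return 0;
}
```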
