Commit 00ec99da authored by Roland McGrath's avatar Roland McGrath Committed by Linus Torvalds
Browse files

core dump: remain dumpable 



The coredump code always calls set_dumpable(0) when it starts (even
if RLIMIT_CORE prevents any core from being dumped).  The effect of
this (via task_dumpable) is to make /proc/pid/* files owned by root
instead of the user, so the user can no longer examine his own
process--in a case where there was never any privileged data to
protect.  This affects e.g. auxv, environ, fd; in Fedora (execshield)
kernels, also maps.  In practice, you can only notice this when a
debugger has requested PTRACE_EVENT_EXIT tracing.

set_dumpable was only used in do_coredump for synchronization and not
intended for any security purpose.  (It doesn't secure anything that wasn't
already unsecured when a process dies by SIGTERM instead of SIGQUIT.)

This changes do_coredump to check the core_waiters count as the means of
synchronization, which is sufficient.  Now we leave the "dumpable" bits alone.

Signed-off-by: default avatarRoland McGrath <roland@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 6e800af2

fs/exec.c

+4 −2
Original line number Diff line number Diff line
@@ -1692,7 +1692,10 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) 
	if (!binfmt || !binfmt->core_dump)

		goto fail;

	down_write(&mm->mmap_sem);

	if (!get_dumpable(mm)) {

	/*

	 * If another thread got here first, or we are not dumpable, bail out.

	 */

	if (mm->core_waiters || !get_dumpable(mm)) {

		up_write(&mm->mmap_sem);

		goto fail;

	}
@@ -1706,7 +1709,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) 
		flag = O_EXCL;		/* Stop rewrite attacks */

		current->fsuid = 0;	/* Dump root private */

	}

	set_dumpable(mm, 0);



	retval = coredump_wait(exit_code);

	if (retval < 0)

CRA Git | Maintained and supported by SUSTech CRA and CCSE