Commit 760c6a91 authored Dec 14, 2016 by Alexey Dobriyan Committed by Linus Torvalds Dec 14, 2016

coredump: clarify "unsafe core_pattern" warning

I was amused to find "unsafe core_pattern" warning having these lines in
/etc/sysctl.conf:

	fs.suid_dumpable=2
	kernel.core_pattern=/core/core-%e-%p-%E
	kernel.core_uses_pid=0

Turns out kernel is formally right.  Default core_pattern is just "core",
which doesn't qualify for secure path while setting suid.dumpable.

Hint admins about solution, clarify sysctl names, delete unnecessary '\'
characters (string literals are concatenated regardless) and reformat for
easier grepping.

Link: http://lkml.kernel.org/r/20161029152124.GA1258@avx2


Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent c7be96af

kernel/sysctl.c

+5 −3

Original line number	Diff line number	Diff line
		@@ -2389,9 +2389,11 @@ static void validate_coredump_safety(void)
		#ifdef CONFIG_COREDUMP
		if (suid_dumpable == SUID_DUMP_ROOT &&
		core_pattern[0] != '/' && core_pattern[0] != '\|') {
		printk(KERN_WARNING "Unsafe core_pattern used with "\
		"suid_dumpable=2. Pipe handler or fully qualified "\
		"core dump path required.\n");
		printk(KERN_WARNING
		"Unsafe core_pattern used with fs.suid_dumpable=2.\n"
		"Pipe handler or fully qualified core dump path required.\n"
		"Set kernel.core_pattern before fs.suid_dumpable.\n"
		);
		}
		#endif
		}

Admin message