    core dump: remain dumpable · 00ec99da
    Roland McGrath authored
    The coredump code always calls set_dumpable(0) when it starts (even
    if RLIMIT_CORE prevents any core from being dumped).  The effect of
    this (via task_dumpable) is to make /proc/pid/* files owned by root
    instead of the user, so the user can no longer examine his own
    process--in a case where there was never any privileged data to
    protect.  This affects e.g. auxv, environ, fd; in Fedora (execshield)
    kernels, also maps.  In practice, you can only notice this when a
    debugger has requested PTRACE_EVENT_EXIT tracing.
    
    set_dumpable was only used in do_coredump for synchronization and not
    intended for any security purpose.  (It doesn't secure anything that wasn't
    already unsecured when a process dies by SIGTERM instead of SIGQUIT.)
    
    This changes do_coredump to check the core_waiters count as the means of
    synchronization, which is sufficient.  Now we leave the "dumpable" bits alone.
    Signed-off-by: Roland McGrath <roland@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
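
The ownership effect described in the commit message can be observed from user space. The C program below is an added example, not part of this commit or of the kernel source: it clears and restores the process's own dumpable flag with `prctl(PR_SET_DUMPABLE)` and reports who owns `/proc/self/environ` each time. The names `proc_view` and `observe` are hypothetical, chosen for this illustration.

```c
/* Added illustration, not kernel code: shows how the per-process
 * "dumpable" flag decides who owns /proc/<pid>/* entries. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* One observation of the process's own /proc entry. */
struct proc_view {
    int dumpable;   /* value of PR_GET_DUMPABLE, -1 on error */
    long owner;     /* st_uid of /proc/self/environ, -1 if stat() failed */
};

/* Set the dumpable flag to `flag`, then report the flag and the owner. */
struct proc_view observe(int flag)
{
    struct proc_view v = { -1, -1 };
    struct stat st;

    if (prctl(PR_SET_DUMPABLE, flag, 0, 0, 0) != 0)
        return v;
    v.dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    /* stat() needs no read permission on the file itself, so it still
     * works after the entry stops being owned by the caller. */
    if (stat("/proc/self/environ", &st) == 0)
        v.owner = (long)st.st_uid;
    return v;
}

int main(void)
{
    struct proc_view off = observe(0);  /* state do_coredump used to force */
    struct proc_view on = observe(1);   /* normal state, restored */

    printf("euid=%ld\n", (long)geteuid());
    printf("dumpable=%d owner uid=%ld\n", off.dumpable, off.owner);
    printf("dumpable=%d owner uid=%ld\n", on.dumpable, on.owner);
    return (off.dumpable == 0 && on.dumpable == 1) ? 0 : 1;
}
```

Run as an unprivileged user on a stock Linux system, the non-dumpable observation normally reports uid 0 as the owner, and the restored one reports the caller's own uid.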
exec.c 41 KB