diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2006-12-07 04:40:39 (GMT) |
---|---|---|
committer | Linus Torvalds <torvalds@woody.osdl.org> | 2006-12-07 16:39:46 (GMT) |
commit | 6d4df677f8a60ea6bc0ef1a596c1a3a79b1d4882 (patch) | |
tree | 289572805ebba72be476af5d1b89fef32070114d /Documentation/00-INDEX | |
parent | 7d1362c0d05b8543807ab403ac8ce813cab41fa4 (diff) | |
download | linux-fsl-qoriq-6d4df677f8a60ea6bc0ef1a596c1a3a79b1d4882.tar.xz |
[PATCH] do_coredump() and not stopping rewrite attacks?
On Sat, Dec 02, 2006 at 11:47:44PM +0300, Alexey Dobriyan wrote:
> David Binderman compiled 2.6.19 with icc and grepped for "was set but never
> used". Many warnings are on
> http://coderock.org/kj/unused-2.6.19-fs
Heh, the very first line:
fs/exec.c(1465): remark #593: variable "flag" was set but never used
fs/exec.c:
1477 /*
1478 * We cannot trust fsuid as being the "true" uid of the
1479 * process nor do we know its entire history. We only know it
1480 * was tainted so we dump it as root in mode 2.
1481 */
1482 if (mm->dumpable == 2) { /* Setuid core dump mode */
1483 flag = O_EXCL; /* Stop rewrite attacks */
1484 current->fsuid = 0; /* Dump root private */
1485 }
And then filp_open follows with "flag" totally ignored.
(akpm: this restores the code to Alan's original version. Andi's "Support
piping into commands in /proc/sys/kernel/core_pattern" (cset d025c9db) broke
it).
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: <stable@kerenl.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation/00-INDEX')
0 files changed, 0 insertions, 0 deletions