Re: [PATCH] coredump - as root not only if euid switched

From: Linus Torvalds
Date: Thu Apr 22 2004 - 15:10:11 EST

On Thu, 22 Apr 2004, Peter Wächtler wrote:
> > hm, OK. There's a window in which someone can come in and recreate the
> > file, but the open is using O_EXCL|O_CREATE so that seems safe enough.
> So here is the updated patch with an open coded call to sys_unlink


Wouldn't it be much nicer to just refuse to overwrite files owned by
anybody else?

In other words, I'd much rather see a patch that is a much simpler one,
which just says: if we opened an existing file, we won't touch it if we
weren't the owners of it.

That should be safe for root _and_ it should be safe for people who
already had a file descriptor open previously (hey, if the previous
root-owned core-file was world readable, then what else is new?)

Tell me why this isn't simpler?


--- 1.111/fs/exec.c Wed Apr 21 02:11:57 2004
+++ edited/fs/exec.c Thu Apr 22 13:03:27 2004
@@ -1378,6 +1378,8 @@
inode = file->f_dentry->d_inode;
if (inode->i_nlink > 1)
goto close_fail; /* multiple links - don't dump */
+ if (inode->i_uid != current->euid || inode->i_gid != current->egid)
+ goto close_fail;
if (d_unhashed(file->f_dentry))
goto close_fail;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at