WIP: only change not_dumpable via prctl() and setrlimit()

From: Willy Tarreau
Date: Sun Dec 26 2021 - 09:36:50 EST

Next message: Christophe JAILLET: "[PATCH] ice: Use bitmap_free() to free bitmap"
Previous message: Shiyang Ruan: "[PATCH v9 03/10] mm: factor helpers for memory_failure_dev_pagemap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This way a simple setuid() will not cause it. It seems to do the
trick.
---
kernel/sys.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index 0ecdb4cc64e7..eb0bf9d6dd97 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -563,9 +563,9 @@ long __sys_setreuid(uid_t ruid, uid_t euid)
if (retval < 0)
goto error;

- /* attempt to change ID drops the not-dumpable protection */
- if (get_dumpable(current->mm))
- clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);
+ ///* attempt to change ID drops the not-dumpable protection */
+ //if (get_dumpable(current->mm))
+ // clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);

return commit_creds(new);

@@ -629,9 +629,9 @@ long __sys_setuid(uid_t uid)
if (retval < 0)
goto error;

- /* attempt to change ID drops the not-dumpable protection */
- if (get_dumpable(current->mm))
- clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);
+ ///* attempt to change ID drops the not-dumpable protection */
+ //if (get_dumpable(current->mm))
+ // clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);

return commit_creds(new);

@@ -712,9 +712,9 @@ long __sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
if (retval < 0)
goto error;

- /* attempt to change ID drops the not-dumpable protection */
- if (get_dumpable(current->mm))
- clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);
+ ///* attempt to change ID drops the not-dumpable protection */
+ //if (get_dumpable(current->mm))
+ // clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);

return commit_creds(new);

@@ -1227,9 +1227,9 @@ int ksys_setsid(void)
out:
write_unlock_irq(&tasklist_lock);
if (err > 0) {
- /* session leaders reset the not-dumpable protection */
- if (get_dumpable(current->mm))
- clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);
+ ///* session leaders reset the not-dumpable protection */
+ //if (get_dumpable(current->mm))
+ // clear_bit(MMF_NOT_DUMPABLE, &current->mm->flags);

proc_sid_connector(group_leader);
sched_autogroup_create_attach(group_leader);
--
2.17.5

--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="0003-coredump-disable-core-dumps-when-transitionning-via-.patch"

Next message: Christophe JAILLET: "[PATCH] ice: Use bitmap_free() to free bitmap"
Previous message: Shiyang Ruan: "[PATCH v9 03/10] mm: factor helpers for memory_failure_dev_pagemap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]