Re: Core dumps and being root

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 28 Jul 1998 00:11:13 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Caldwell: "Re: censorship paranoia"
Previous message: Norbert Lund: "SMP in 2.1.111"
In reply to: Norbert Lund: "SMP in 2.1.111"

> Doesn't this open a huge security hole? Right now, a user can do the
> following:
>
> ln -s some_other_file core
> ./command_that_dumps_core
>
> and get a core dump in some_other_file.
>
> Now, suppose root can dump core. Then if there is a link from core to, say,
> /etc/passwd, strategically located, and root dumps core in that directory...
>
> I don't think there is a problem if root core dumps were always placed in
> /root/core, or some other "safe" location. But not the current directory.

Core dumps shouldnt follow symbolic links is a completely seperate issue
and just as relevant for non setuid programs. Think about /tmp/core

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: John Caldwell: "Re: censorship paranoia"
Previous message: Norbert Lund: "SMP in 2.1.111"
In reply to: Norbert Lund: "SMP in 2.1.111"