> Better still the same syscall can expose the ability for a process to
> _set_ its dumpable flag. A process would be allowed to always clear its
> dumpable flag but never set it. This is a very useful security tool
> because a daemon running as e.g. "gdm" can clear current->dumpable and
> then a breach of a different "gdm" sibling process finds itself unable to
> attach to its sibling and snoop passwords.
As long as privileged users can still get around it. It would be annoying
if commercial apps decided to turn off dumpable so you couldn't work
around their bugs without modifying your kernel.
-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/