linux/Documentation
Kees Cook 9520628e8c fs: make dumpable=2 require fully qualified path
When the suid_dumpable sysctl is set to "2", and there is no core dump
pipe defined in the core_pattern sysctl, a local user can cause core files
to be written to root-writable directories, potentially with
user-controlled content.

This means an admin can unknowingly reintroduce a variation of
CVE-2006-2451, allowing local users to gain root privileges.

  $ cat /proc/sys/fs/suid_dumpable
  2
  $ cat /proc/sys/kernel/core_pattern
  core
  $ ulimit -c unlimited
  $ cd /
  $ ls -l core
  ls: cannot access core: No such file or directory
  $ touch core
  touch: cannot touch `core': Permission denied
  $ OHAI="evil-string-here" ping localhost >/dev/null 2>&1 &
  $ pid=$!
  $ sleep 1
  $ kill -SEGV $pid
  $ ls -l core
  -rw------- 1 root kees 458752 Jun 21 11:35 core
  $ sudo strings core | grep evil
  OHAI=evil-string-here

While cron has been fixed to abort reading a file when there is any
parse error, there are still other sensitive directories that will read
any file present and skip unparsable lines.

Instead of introducing a suid_dumpable=3 mode and breaking all users of
mode 2, this only disables the unsafe portion of mode 2 (writing to disk
via relative path).  Most users of mode 2 (e.g.  Chrome OS) already use
a core dump pipe handler, so this change will not break them.  For the
situations where a pipe handler is not defined but mode 2 is still
active, crash dumps will only be written to fully qualified paths.  If a
relative path is defined (e.g.  the default "core" pattern), dump
attempts will trigger a printk yelling about the lack of a fully
qualified path.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Alan Cox <alan@linux.intel.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Doug Ledford <dledford@redhat.com>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Cc: James Morris <james.l.morris@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-30 17:25:11 -07:00
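As an added example (not part of this commit or of the kernel tree), a POSIX shell check that applies the rule the commit describes to a suid_dumpable/core_pattern pair and audits the running system; the pipe-handler path used in the test is a constructed placeholder.

```shell
#!/bin/sh
# Classify a (suid_dumpable, core_pattern) pair by the rule described above:
# mode 2 is only safe when dumps go to a pipe handler or a fully qualified
# path; a relative pattern such as "core" lands in the crashing process's cwd.
# Prints one word and returns 0 unless the pair is the unsafe mode-2 case.
classify_core_config() {
    dumpable="$1"
    pattern="$2"
    # Modes 0 and 1 are outside the scope of this check.
    if [ "$dumpable" != "2" ]; then
        echo "not-mode-2"
        return 0
    fi
    case "$pattern" in
        '|'*) echo "pipe"; return 0 ;;            # handler program receives the dump
        /*)   echo "absolute"; return 0 ;;        # fully qualified path, allowed after the fix
        *)    echo "unsafe-relative"; return 1 ;; # relative path: refused by the fixed kernel
    esac
}

# Read the live sysctl values via /proc (skipped where /proc is unavailable).
audit_running_system() {
    if [ ! -r /proc/sys/fs/suid_dumpable ] || [ ! -r /proc/sys/kernel/core_pattern ]; then
        echo "suid_dumpable/core_pattern not readable here, nothing to audit"
        return 0
    fi
    d=$(cat /proc/sys/fs/suid_dumpable)
    p=$(cat /proc/sys/kernel/core_pattern)
    if result=$(classify_core_config "$d" "$p"); then
        echo "suid_dumpable=$d core_pattern='$p' -> $result"
    else
        echo "suid_dumpable=$d core_pattern='$p' -> $result (set an absolute path or a pipe handler)"
        return 1
    fi
}

audit_running_system
```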
ABI Driver core merge for 3.6-rc1 2012-07-26 11:25:33 -07:00
DocBook Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-07-20 12:30:48 -04:00
EDID drm: allow loading an EDID as firmware to override broken monitor 2012-03-20 10:09:28 +00:00
PCI doc: fix broken references 2011-09-27 18:08:04 +02:00
RCU rcu: Update documentation to cover call_srcu() and srcu_barrier(). 2012-07-02 12:34:03 -07:00
accounting
acpi Update documentation for parameter *notrigger* in einj.txt 2012-03-30 03:30:19 -04:00
aoe
arm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-07-24 13:34:56 -07:00
auxdisplay
backlight
blackfin
block
blockdev Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
cdrom
cgroups cgroup: Update remount documentation 2012-07-17 11:10:52 -07:00
connector connector: Move cn_test.c away from NLMSG_PUT(). 2012-06-26 21:19:02 -07:00
console
cpu-freq
cpuidle
cris
crypto
development-process
device-mapper dm: verity fix documentation 2012-07-03 12:55:41 +01:00
devicetree Merge branch 'i2c-embedded/for-next' of git://git.pengutronix.de/git/wsa/linux 2012-07-28 13:43:12 -07:00
driver-model Pin control subsystem changes for kernel 3.5: 2012-05-21 16:58:23 -07:00
dvb Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-05-24 10:21:51 -07:00
early-userspace
extcon
fault-injection
fb
filesystems don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
firmware_class
frv
hid HID: uhid: add documentation 2012-06-18 13:42:03 +02:00
hwmon hwmon: Honeywell Humidicon HIH-6130/HIH-6131 humidity and temperature sensor driver 2012-07-21 21:48:44 -07:00
i2c i2c-i801: Enable IRQ for SMBus transactions 2012-07-24 14:13:58 +02:00
i2o Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
ia64 Fix common misspellings 2011-03-31 11:26:23 -03:00
ide
infiniband
input Input: MT - Include win8 support 2012-07-05 07:13:51 +02:00
ioctl
isdn Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
ja_JP
kbuild Merge branch 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2012-05-28 10:37:56 -07:00
kdump kexec: update URL of kexec homepage 2012-07-18 18:35:57 -07:00
ko_KR
laptops Documentation: asus-laptop.txt references an obsolete Kconfig item 2012-06-28 12:04:16 +02:00
leds LEDS: add BlinkM RGB LED driver, documentation and update MAINTAINERS 2012-07-24 16:00:51 +08:00
m68k
make
memory-devices
mips
misc-devices mei: mei.txt: minor grammar fixes 2012-06-13 13:38:25 -07:00
mmc
mn10300
mtd Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
namespaces
netlabel Documentation/: it's -> its where appropriate 2010-04-23 02:09:52 +02:00
networking net-next: minor cleanups for bonding documentation 2012-07-22 12:44:01 -07:00
nfc NFC: Error management documentation 2012-07-09 16:42:11 -04:00
parisc
pcmcia
power Merge branch 'pm-doc' 2012-07-19 00:03:46 +02:00
powerpc Documentation/powerpc/mpc52xx.txt: Checkpatch cleanup 2012-03-18 23:59:34 +01:00
pps
prctl security: Minor improvements to no_new_privs documentation 2012-07-08 00:25:48 +10:00
pti
ptp
rapidio
s390
scheduler sched: Remove stale power aware scheduling remnants and dysfunctional knobs 2012-05-17 13:48:56 +02:00
scsi Merge branch 'delete-mca' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2012-05-23 17:12:06 -07:00
security Smack: allow for significantly longer Smack labels v4 2012-05-14 22:48:38 -07:00
serial serial: delete the MCA specific 8250 support. 2012-05-17 19:02:14 -04:00
sh
sound Sound update for 3.6-rc1 2012-07-24 13:37:37 -07:00
spi
sysctl fs: make dumpable=2 require fully qualified path 2012-07-30 17:25:11 -07:00
target
telephony
thermal Thermal: Documentation update 2012-07-24 23:20:40 -04:00
timers
trace
usb usb: gadget: mass_storage: add documentation 2012-06-15 14:32:30 +03:00
vDSO
video4linux Documentation: Add newline at end-of-file to files lacking one 2012-07-20 23:10:28 +02:00
virtual KVM updates for the 3.6 merge window 2012-07-24 12:01:20 -07:00
vm mm/frontswap: cleanup doc and comment error 2012-07-23 11:16:20 -04:00
w1 w1: Add 1-wire slave device driver for DS28E04-100 2012-06-13 16:47:10 -07:00
watchdog Watchdog: DA9052/53 PMIC watchdog support 2012-05-30 07:56:12 +02:00
wimax
x86 Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-07-26 13:13:25 -07:00
zh_CN
.gitignore
00-INDEX MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
BUG-HUNTING
Changes
CodingStyle CodingStyle: add kmalloc_array() to memory allocators 2012-05-31 17:49:26 -07:00
DMA-API-HOWTO.txt
DMA-API.txt
DMA-ISA-LPC.txt
DMA-attributes.txt
HOWTO
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
Intel-IOMMU.txt
Makefile
ManagementStyle Documentation: ManagementStyle: fixed typo 2012-06-28 12:03:15 +02:00
SAK.txt
SM501.txt
SecurityBugs
SubmitChecklist
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: suggested the use of scripts/get_maintainer.pl 2012-05-25 16:18:30 +02:00
VGA-softcursor.txt
applying-patches.txt
atomic_ops.txt
bad_memory.txt
basic_profiling.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt
circular-buffers.txt
clk.txt
coccinelle.txt
cpu-hotplug.txt
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt Doc: document max raw dev number 2012-06-03 12:05:50 +02:00
digsig.txt
dma-buf-sharing.txt dma-buf: add initial vmap documentation 2012-05-25 12:51:11 +05:30
dmaengine.txt
dontdiff
dynamic-debug-howto.txt
edac.txt
eisa.txt MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
email-clients.txt
feature-removal-schedule.txt Merge branch 'kmap_atomic' of git://github.com/congwang/linux 2012-07-27 11:26:48 -07:00
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gpio.txt
highuid.txt
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt Documentation/initrd.txt: Change the location of util-linux 2012-05-25 16:18:34 +02:00
intel_txt.txt
io-mapping.txt
io_ordering.txt
iostats.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt SCSI misc on 20120724 2012-07-24 18:11:22 -07:00
kmemcheck.txt
kmemleak.txt
kobject.txt
kprobes.txt
kref.txt
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt
md.txt
media-framework.txt [media] media: Add link_validate() op to check links to the sink pad 2012-05-14 08:44:11 -03:00
memory-barriers.txt
memory-hotplug.txt
memory.txt
mono.txt
mutex-design.txt
nommu-mmap.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt
pi-futex.txt
pinctrl.txt
pnp.txt
preempt-locking.txt
printk-formats.txt
prio_tree.txt
ramoops.txt pstore/ram: Add ftrace messages handling 2012-07-17 10:14:17 -07:00
rbtree.txt
remoteproc.txt remoteproc: adopt the driver core's alloc/add/del/put naming 2012-07-06 00:53:27 +03:00
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rt-mutex-design.txt
rt-mutex.txt
rtc.txt
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
sparse.txt
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable: Allow merging of backports for serious user-visible performance issues 2012-06-25 12:11:58 -07:00
static-keys.txt
svga.txt
sysfs-rules.txt
sysrq.txt
unaligned-memory-access.txt
unicode.txt
unshare.txt
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt workqueue: reimplement WQ_HIGHPRI using a separate worker_pool 2012-07-13 22:24:45 -07:00
xz.txt
zorro.txt