Re: [PATCH 2/3] coredump: remove suidsafe mode related dead code
On Tue, 31 Jul 2007 15:04:58 +0800 Eugene Teo <[EMAIL PROTECTED]> wrote: > This patch removes suidsafe core dump mode related dead code. > > Signed-off-by: Eugene Teo <[EMAIL PROTECTED]> NAK: This feature is used by end users and people debugging complex system problems. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] coredump: remove suidsafe mode related dead code
This patch removes suidsafe core dump mode related dead code. Signed-off-by: Eugene Teo <[EMAIL PROTECTED]> --- fs/exec.c | 16 +--- include/linux/binfmts.h |3 --- 2 files changed, 1 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 7bdea79..60b4080 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1723,8 +1723,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) struct inode * inode; struct file * file; int retval = 0; - int fsuid = current->fsuid; - int flag = 0; int ispipe = 0; audit_core_dumps(signr); @@ -1737,16 +1735,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) up_write(>mmap_sem); goto fail; } - - /* -* We cannot trust fsuid as being the "true" uid of the -* process nor do we know its entire history. We only know it -* was tainted so we dump it as root in mode 2. -*/ - if (get_dumpable(mm) == 2) {/* Setuid core dump mode */ - flag = O_EXCL; /* Stop rewrite attacks */ - current->fsuid = 0; /* Dump root private */ - } set_dumpable(mm, 0); retval = coredump_wait(exit_code); @@ -1778,8 +1766,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) } } else file = filp_open(corename, -O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag, -0600); +O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE, 0600); if (IS_ERR(file)) goto fail_unlock; inode = file->f_path.dentry->d_inode; @@ -1806,7 +1793,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) close_fail: filp_close(file, NULL); fail_unlock: - current->fsuid = fsuid; complete_all(>core_done); fail: return retval; diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 91c8c07..ca75ee4 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -81,9 +81,6 @@ extern int search_binary_handler(struct linux_binprm *,struct pt_regs *); extern int flush_old_exec(struct linux_binprm * bprm); extern int suid_dumpable; -#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ -#define SUID_DUMP_USER 1 /* Dump as user of process */ -#define SUID_DUMP_ROOT 2 /* Dump as root */ /* Stack area protections */ #define EXSTACK_DEFAULT 0/* Whatever the arch defaults to */ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] coredump: remove suidsafe mode related dead code
This patch removes suidsafe core dump mode related dead code. Signed-off-by: Eugene Teo [EMAIL PROTECTED] --- fs/exec.c | 16 +--- include/linux/binfmts.h |3 --- 2 files changed, 1 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 7bdea79..60b4080 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1723,8 +1723,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) struct inode * inode; struct file * file; int retval = 0; - int fsuid = current-fsuid; - int flag = 0; int ispipe = 0; audit_core_dumps(signr); @@ -1737,16 +1735,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) up_write(mm-mmap_sem); goto fail; } - - /* -* We cannot trust fsuid as being the true uid of the -* process nor do we know its entire history. We only know it -* was tainted so we dump it as root in mode 2. -*/ - if (get_dumpable(mm) == 2) {/* Setuid core dump mode */ - flag = O_EXCL; /* Stop rewrite attacks */ - current-fsuid = 0; /* Dump root private */ - } set_dumpable(mm, 0); retval = coredump_wait(exit_code); @@ -1778,8 +1766,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) } } else file = filp_open(corename, -O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag, -0600); +O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE, 0600); if (IS_ERR(file)) goto fail_unlock; inode = file-f_path.dentry-d_inode; @@ -1806,7 +1793,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) close_fail: filp_close(file, NULL); fail_unlock: - current-fsuid = fsuid; complete_all(mm-core_done); fail: return retval; diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 91c8c07..ca75ee4 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -81,9 +81,6 @@ extern int search_binary_handler(struct linux_binprm *,struct pt_regs *); extern int flush_old_exec(struct linux_binprm * bprm); extern int suid_dumpable; -#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ -#define SUID_DUMP_USER 1 /* Dump as user of process */ -#define SUID_DUMP_ROOT 2 /* Dump as root */ /* Stack area protections */ #define EXSTACK_DEFAULT 0/* Whatever the arch defaults to */ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 2/3] coredump: remove suidsafe mode related dead code
On Tue, 31 Jul 2007 15:04:58 +0800 Eugene Teo [EMAIL PROTECTED] wrote: This patch removes suidsafe core dump mode related dead code. Signed-off-by: Eugene Teo [EMAIL PROTECTED] NAK: This feature is used by end users and people debugging complex system problems. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/