From da2953f7d61c59674f7e8d37fc7df0889ac18ad7 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Sun, 26 Dec 2021 15:36:50 +0100 Subject: WIP: only change not_dumpable via prctl() and setrlimit() This way a simple setuid() will not cause it. It seems to do the trick. --- kernel/sys.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index 0ecdb4cc64e7..eb0bf9d6dd97 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -563,9 +563,9 @@ long __sys_setreuid(uid_t ruid, uid_t euid) if (retval < 0) goto error; - /* attempt to change ID drops the not-dumpable protection */ - if (get_dumpable(current->mm)) - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + ///* attempt to change ID drops the not-dumpable protection */ + //if (get_dumpable(current->mm)) + // clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); return commit_creds(new); @@ -629,9 +629,9 @@ long __sys_setuid(uid_t uid) if (retval < 0) goto error; - /* attempt to change ID drops the not-dumpable protection */ - if (get_dumpable(current->mm)) - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + ///* attempt to change ID drops the not-dumpable protection */ + //if (get_dumpable(current->mm)) + // clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); return commit_creds(new); @@ -712,9 +712,9 @@ long __sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) if (retval < 0) goto error; - /* attempt to change ID drops the not-dumpable protection */ - if (get_dumpable(current->mm)) - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + ///* attempt to change ID drops the not-dumpable protection */ + //if (get_dumpable(current->mm)) + // clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); return commit_creds(new); @@ -1227,9 +1227,9 @@ int ksys_setsid(void) out: write_unlock_irq(&tasklist_lock); if (err > 0) { - /* session leaders reset the not-dumpable protection */ - if (get_dumpable(current->mm)) - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + ///* session leaders reset the not-dumpable protection */ + //if (get_dumpable(current->mm)) + // clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); proc_sid_connector(group_leader); sched_autogroup_create_attach(group_leader); -- 2.17.5