>From 8ca54b3a0bba56dbfce8ccf96ba36a1d6c189e85 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Sun, 26 Dec 2021 15:17:08 +0100 Subject: WIP: only remove non-dumpable in the non-suid program this way sudo doesn't drop its own not-dumpable flag before executing. --- fs/coredump.c | 2 ++ include/linux/sched/coredump.h | 4 ++-- kernel/sys.c | 15 ++++++++++----- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/fs/coredump.c b/fs/coredump.c index 3224dee44d30..5f0bfe2c00a6 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -609,6 +609,8 @@ void do_coredump(const kernel_siginfo_t *siginfo) goto fail; if (!__get_dumpable(cprm.mm_flags)) goto fail; + if (cprm.mm_flags & MMF_NOT_DUMPABLE_MASK) + goto fail; cred = prepare_creds(); if (!cred) diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index 302f31247c90..662508d139e1 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -80,8 +80,8 @@ extern void set_dumpable(struct mm_struct *mm, int value); */ static inline int __get_dumpable(unsigned long mm_flags) { - if (mm_flags & MMF_NOT_DUMPABLE_MASK) - return SUID_DUMP_DISABLE; + //if (mm_flags & MMF_NOT_DUMPABLE_MASK) + // return SUID_DUMP_DISABLE; return mm_flags & MMF_DUMPABLE_MASK; } diff --git a/kernel/sys.c b/kernel/sys.c index f4405e004145..0ecdb4cc64e7 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -564,7 +564,8 @@ long __sys_setreuid(uid_t ruid, uid_t euid) goto error; /* attempt to change ID drops the not-dumpable protection */ - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + if (get_dumpable(current->mm)) + clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); return commit_creds(new); @@ -629,7 +630,8 @@ long __sys_setuid(uid_t uid) goto error; /* attempt to change ID drops the not-dumpable protection */ - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + if (get_dumpable(current->mm)) + clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); return commit_creds(new); @@ -711,7 +713,8 @@ long __sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) goto error; /* attempt to change ID drops the not-dumpable protection */ - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + if (get_dumpable(current->mm)) + clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); return commit_creds(new); @@ -1225,7 +1228,8 @@ int ksys_setsid(void) write_unlock_irq(&tasklist_lock); if (err > 0) { /* session leaders reset the not-dumpable protection */ - clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); + if (get_dumpable(current->mm)) + clear_bit(MMF_NOT_DUMPABLE, ¤t->mm->flags); proc_sid_connector(group_leader); sched_autogroup_create_attach(group_leader); @@ -1627,7 +1631,8 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource, * If an application wants to change its own core dump settings, it * wants to decide on its dumpability so we reset MMF_NOT_DUMPABLE. */ - if (!retval && new_rlim && resource == RLIMIT_CORE && tsk == current) + if (!retval && new_rlim && resource == RLIMIT_CORE && tsk == current && + get_dumpable(tsk->mm)) clear_bit(MMF_NOT_DUMPABLE, &tsk->mm->flags); out: read_unlock(&tasklist_lock); -- 2.17.5