SAFE public projects git trees. - safe/jmp/linux-2.6/commit

author	Roland McGrath <roland@redhat.com>
	Mon, 12 Nov 2007 03:13:43 +0000 (19:13 -0800)
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>
	Mon, 12 Nov 2007 18:32:29 +0000 (10:32 -0800)
commit	00ec99da43a7c2aed46c6595aa271b84bb1b1462
tree	88eec24facdcba422db6a13206d4586daef9e1ad	tree \| snapshot
parent	6e800af233e0bdf108efb7bd23c11ea6fa34cdeb	commit \| diff

core dump: remain dumpable

The coredump code always calls set_dumpable(0) when it starts (even
if RLIMIT_CORE prevents any core from being dumped).  The effect of
this (via task_dumpable) is to make /proc/pid/* files owned by root
instead of the user, so the user can no longer examine his own
process--in a case where there was never any privileged data to
protect.  This affects e.g. auxv, environ, fd; in Fedora (execshield)
kernels, also maps.  In practice, you can only notice this when a
debugger has requested PTRACE_EVENT_EXIT tracing.

set_dumpable was only used in do_coredump for synchronization and not
intended for any security purpose.  (It doesn't secure anything that wasn't
already unsecured when a process dies by SIGTERM instead of SIGQUIT.)

This changes do_coredump to check the core_waiters count as the means of
synchronization, which is sufficient.  Now we leave the "dumpable" bits alone.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>