tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
fork
Configure Feed
Select the types of activity you want to include in your feed.
[PATCH] Fix docs for fs.suid_dumpable
Sergey Vlasov noticed that there is not kernel.suid_dumpable, but
fs.suid_dumpable.
How KERN_SETUID_DUMPABLE ended up in fs_table[]? Hell knows...
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
authored by
Alexey Dobriyan
and committed by
Linus Torvalds
a2e0b563
cc36e7f1
+20
-20
+20
Documentation/sysctl/fs.txt
+20
Documentation/sysctl/fs.txt
···
25
25
- inode-state
26
26
- overflowuid
27
27
- overflowgid
28
+
- suid_dumpable
28
29
- super-max
29
30
- super-nr
30
31
···
129
128
130
129
These sysctls allow you to change the value of the fixed UID and GID.
131
130
The default is 65534.
131
+
132
+
==============================================================
133
+
134
+
suid_dumpable:
135
+
136
+
This value can be used to query and set the core dump mode for setuid
137
+
or otherwise protected/tainted binaries. The modes are
138
+
139
+
0 - (default) - traditional behaviour. Any process which has changed
140
+
privilege levels or is execute only will not be dumped
141
+
1 - (debug) - all processes dump core when possible. The core dump is
142
+
owned by the current user and no security is applied. This is
143
+
intended for system debugging situations only. Ptrace is unchecked.
144
+
2 - (suidsafe) - any binary which normally would not be dumped is dumped
145
+
readable by root only. This allows the end user to remove
146
+
such a dump but not access it directly. For security reasons
147
+
core dumps in this mode will not overwrite one another or
148
+
other files. This mode is appropriate when adminstrators are
149
+
attempting to debug problems in a normal environment.
132
150
133
151
==============================================================
134
152
-20
Documentation/sysctl/kernel.txt
-20
Documentation/sysctl/kernel.txt
···
50
50
- shmmax [ sysv ipc ]
51
51
- shmmni
52
52
- stop-a [ SPARC only ]
53
-
- suid_dumpable
54
53
- sysrq ==> Documentation/sysrq.txt
55
54
- tainted
56
55
- threads-max
···
306
307
on the maximum shared memory segment size that can be created.
307
308
Shared memory segments up to 1Gb are now supported in the
308
309
kernel. This value defaults to SHMMAX.
309
-
310
-
==============================================================
311
-
312
-
suid_dumpable:
313
-
314
-
This value can be used to query and set the core dump mode for setuid
315
-
or otherwise protected/tainted binaries. The modes are
316
-
317
-
0 - (default) - traditional behaviour. Any process which has changed
318
-
privilege levels or is execute only will not be dumped
319
-
1 - (debug) - all processes dump core when possible. The core dump is
320
-
owned by the current user and no security is applied. This is
321
-
intended for system debugging situations only. Ptrace is unchecked.
322
-
2 - (suidsafe) - any binary which normally would not be dumped is dumped
323
-
readable by root only. This allows the end user to remove
324
-
such a dump but not access it directly. For security reasons
325
-
core dumps in this mode will not overwrite one another or
326
-
other files. This mode is appropriate when adminstrators are
327
-
attempting to debug problems in a normal environment.
328
310
329
311
==============================================================
330
312