core.5, proc.5: Clarify suid_dumpable versus core_pattern

In Linux 3.6, additional requirements were placed on core_pattern when suid_dumpable is set to 2. Document this and include commit references. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-01-12 11:30:24 +01:00 · 2013-01-12 11:30:24 +01:00 · 8c897fc6b2
parent bc88143e1a
commit 8c897fc6b2
2 changed files with 15 additions and 0 deletions
--- a/man5/core.5
+++ b/man5/core.5
@ -176,6 +176,14 @@ file contains the value 0, then a core dump file is simply named
 If this file contains a nonzero value, then the core dump file includes
 the process ID in a name of the form
 .IR core.PID .
+
+Since version 3.6,
+.\" 9520628e8ceb69fa9a4aee6b57f22675d9e1b709
+if
+.I /proc/sys/fs/suid_dumpable
+is set to 2 ("suidsafe"), the pattern must be either a fully qualified path
+(starting with a leading \(aq/\(aq character) or a pipe, as defined below.
+
 .SS Piping core dumps to a program
 Since kernel 2.6.19, Linux supports an alternate syntax for the
 .I /proc/sys/kernel/core_pattern
--- a/man5/proc.5
+++ b/man5/proc.5
@ -2481,6 +2481,13 @@ For security reasons core dumps in this mode will not overwrite one
 another or other files.
 This mode is appropriate when administrators are
 attempting to debug problems in a normal environment.
+Additionally, since Linux 3.6,
+.\" 9520628e8ceb69fa9a4aee6b57f22675d9e1b709
+.I /proc/sys/kernel/core_pattern
+must either be a fully-qualified path, or a pipe command, as detailed in
+.BR core (5).
+Warnings will be emitted to the kernel syslog about disallowed combinations.
+.\" 54b501992dd2a839e94e76aa392c392b55080ce8
 .TP
 .I /proc/sys/fs/super-max
 This file