mirror of https://github.com/mkerrisk/man-pages
Since kernel 2.6.18, setting 2 for PR_SET_DUMPABLE is no longer possible.
parent
34f7665a1c
commit
a3b7f00b4a
11
man2/prctl.2
|
@ -71,9 +71,14 @@ various system calls that manipulate process UIDs and GIDs).
|
|||
In kernels up to and including 2.6.12,
|
||||
.I arg2
|
||||
must be either 0 (process is not dumpable) or 1 (process is dumpable).
|
||||
Since kernel 2.6.13, the value 2 is also permitted;
|
||||
this causes any binary which normally would not be dumped
|
||||
to be dumped readable by root only.
|
||||
Between kernels 2.6.13 and 2.67, the value 2 was also permitted,
|
||||
which caused any binary which normally would not be dumped
|
||||
to be dumped readable by root only;
|
||||
for security reasons, this feature has been removed.
|
||||
.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
|
||||
.\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
|
||||
.\" From: Marcel Holtmann <marcel () holtmann ! org>
|
||||
.\" Date: 2006-07-12 11:12:00
|
||||
(See also the description of
|
||||
.I /proc/sys/fs/suid_dumpable
|
||||
in
|
||||
|
|
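Review bot: The added line "Between kernels 2.6.13 and 2.67, the value 2 was also permitted," has a typo in the upper bound: "2.67" is not a kernel version, and the commit message says the value stopped being accepted in 2.6.18, so this should read "2.6.17". Consider stating the bounds as inclusive, matching the "up to and including 2.6.12" wording just above. The text also says only that "this feature has been removed": name the release in the page text itself and say what the call does when arg2 is 2 on later kernels, so a reader does not have to infer it from the commit message. The CVE-2006-2451 reference sits only in roff comments, which do not appear in the rendered page; if the security reason matters to readers, a short visible mention would help.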