mirror of https://github.com/mkerrisk/man-pages
Since kernel 2.6.18, setting 2 for PR_SET_DUMPABLE is no longer possible.
This commit is contained in:
parent
34f7665a1c
commit
a3b7f00b4a
11
man2/prctl.2
11
man2/prctl.2
|
@ -71,9 +71,14 @@ various system calls that manipulate process UIDs and GIDs).
|
||||||
In kernels up to and including 2.6.12,
|
In kernels up to and including 2.6.12,
|
||||||
.I arg2
|
.I arg2
|
||||||
must be either 0 (process is not dumpable) or 1 (process is dumpable).
|
must be either 0 (process is not dumpable) or 1 (process is dumpable).
|
||||||
Since kernel 2.6.13, the value 2 is also permitted;
|
Between kernels 2.6.13 and 2.67, the value 2 was also permitted,
|
||||||
this causes any binary which normally would not be dumped
|
which caused any binary which normally would not be dumped
|
||||||
to be dumped readable by root only.
|
to be dumped readable by root only;
|
||||||
|
for security reasons, this feature has been removed.
|
||||||
|
.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
|
||||||
|
.\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
|
||||||
|
.\" From: Marcel Holtmann <marcel () holtmann ! org>
|
||||||
|
.\" Date: 2006-07-12 11:12:00
|
||||||
(See also the description of
|
(See also the description of
|
||||||
.I /proc/sys/fs/suid_dumpable
|
.I /proc/sys/fs/suid_dumpable
|
||||||
in
|
in
|
||||||
|
|
Loading…
Reference in New Issue