This adds a short description of the no_new_privs bit,
as described in Documentation/prctl/no_new_privs.txt.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Note type of 'arg3' for SECCOMP_MODE_FILTER.
Add pointer to Documentation/prctl/seccomp_filter.txt.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This adds a short summary of the arguments used
for "mode 2" (BPF) seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Add some basic documentation of these operations, with a pointer to
tools/perf/design.txt for more information.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The corresponding kernel change from Marcel Holtmann was
The attached patch fixes a flaw in the "parent process
death signal" when executing SUID binaries. An
unprivileged user may send an arbitrary signal to a child
process even if it is running with higher privileges.
The idea to fix this issue is to reset pdeath_signal not
only on fork, but also on the execution of a SUID binary.
Reported-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
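
The fork half of the reset described in the commit above can be observed directly. This is an added example, not code from the man-pages or kernel trees; the helper names get_pdeathsig and pdeathsig_seen_by_child are hypothetical, and the reset on execution of a SUID binary is not exercised here.

```c
/* Added example: the parent-death signal set with PR_SET_PDEATHSIG is
 * not inherited by the child of a fork(2). Linux only. */
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return the caller's current parent-death signal, or -1 on error. */
int get_pdeathsig(void)
{
    int sig = -1;
    if (prctl(PR_GET_PDEATHSIG, &sig, 0, 0, 0) != 0)
        return -1;
    return sig;
}

/* Set `sig` in the caller, fork, and return the value the child reads
 * back (carried in its exit status), or -1 on error. */
int pdeathsig_seen_by_child(int sig)
{
    if (prctl(PR_SET_PDEATHSIG, sig, 0, 0, 0) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int v = get_pdeathsig();
        _exit(v < 0 ? 255 : v);      /* 255 marks a prctl failure */
    }

    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    int v = WEXITSTATUS(status);
    return v == 255 ? -1 : v;
}

int main(void)
{
    int child = pdeathsig_seen_by_child(SIGTERM);
    printf("parent: %d, child after fork: %d\n", get_pdeathsig(), child);
    return child == 0 ? 0 : 1;       /* 0 in the child means it was reset */
}
```
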
Remove some FIXMEs and comment out pieces of text that describe
features not yet merged into the mainline kernel.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
* Wording improvements
* Addition of some FIXMEs for suspicious points
* Addition of various EINVAL cases
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
We've recently discovered that GDB will fail to attach to any
process that sets itself non-dumpable. Tested on kernel 2.6.32,
with:
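    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <sys/prctl.h>

    int main(int argc, char *argv[])
    {
        /* Clear the dumpable flag before gdb tries to attach. */
        if (prctl(PR_SET_DUMPABLE, 0, 0, 0) != 0) {
            perror("prctl");
        }
        printf("Run gdb %s %d\n", argv[0], getpid());
        sleep(20);    /* window in which to attempt the attach */
        abort();
    }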
./a.out
Run gdb ./a.out 30476
gdb -q ./a.out 30476
Reading symbols from /tmp/a.out...done.
Attaching to program: /tmp/a.out, process 30476
ptrace: Operation not permitted.
/tmp/30476: No such file or directory.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The "keep capabilities" flag only affects the treatment of
permitted capabilities, not effective capabilities.
Also: other improvements to make the PR_SET_KEEPCAPS text clearer.
Reported-by: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The tendency in English, as prescribed in style guides like
Chicago MoS, is towards removing hyphens after prefixes
like "non-" etc.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The tendency in English, as prescribed in style guides like
Chicago MoS, is towards removing hyphens after prefixes
like "non-" etc.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The tendency in English, as prescribed in style guides like
Chicago MoS, is towards removing hyphens after prefixes
like "non-" etc.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Document PR_GET_TSC and PR_SET_TSC.
Document PR_SET_SECCOMP and PR_GET_SECCOMP.
PR_SET_KEEPCAPS and PR_GET_KEEPCAPS operate on a per-thread
setting, not a per-process setting.
Clarify fork(2) details for PR_SET_PDEATHSIG.
Add description of PR_SET_SECUREBITS and PR_GET_SECUREBITS,
as well as pointer to further info in capabilities(7).
PR_GET_ENDIAN returns endianness info in location pointed to by
arg2 (not as function result, as was implied by previous text).
Expand description of PR_SET_NAME and PR_GET_NAME.
RETURN VALUE: bring up to date for various options.
Various improvements in ERRORS.
Note that PR_SET_TIMING setting of PR_TIMING_TIMESTAMP is not
currently implemented.
Minor changes:
* Clarify wording for PR_GET_UNALIGN, PR_GET_FPEMU, and PR_GET_FPEXC.
* Some reformatting of kernel version information.
* Reorder PR_GET_ENDIAN and PR_SET_ENDIAN entries.