oss-sec mailing list archives

Re: kernel: fs.suid_dumpable=2 privilege escalation

From: Kees Cook <keescook () chromium org>
Date: Thu, 16 Apr 2015 11:41:12 -0700

On Thu, Apr 16, 2015 at 5:42 AM, Florian Weimer <fweimer () redhat com> wrote:

Should this be treated as a security vulnerability?

“fs: make dumpable=2 require fully qualified path”
<http://lwn.net/Articles/503682/>

Some widely-used cronie versions still do not have hardening and parse
commands in core dumps.


I didn't seek a CVE for this at the time since it requires a pretty
specific combination of configurations. Namely: setting dumpable=2
without a dump handler, which I couldn't find any distro doing. I have
no objection, of course.

-Kees

-- 
Kees Cook
Chrome OS Security

Current thread:

kernel: fs.suid_dumpable=2 privilege escalation Florian Weimer (Apr 16)
- Re: kernel: fs.suid_dumpable=2 privilege escalation cve-assign (Apr 16)
- Re: kernel: fs.suid_dumpable=2 privilege escalation Kees Cook (Apr 16)
  - Re: kernel: fs.suid_dumpable=2 privilege escalation Florian Weimer (Apr 17)