Skip to content
  • Alan Cox's avatar
    [PATCH] setuid core dump · d6e71144
    Alan Cox authored
    Add a new `suid_dumpable' sysctl:
    This value can be used to query and set the core dump mode for setuid
    or otherwise protected/tainted binaries. The modes are
    0 - (default) - traditional behaviour.  Any process which has changed
        privilege levels or is execute only will not be dumped
    1 - (debug) - all processes dump core when possible.  The core dump is
        owned by the current user and no security is applied.  This is intended
        for system debugging situations only.  Ptrace is unchecked.
    2 - (suidsafe) - any binary which normally would not be dumped is dumped
        readable by root only.  This allows the end user to remove such a dump but
        not access it directly.  For security reasons core dumps in this mode will
        not overwrite one another or other files.  This mode is appropriate when
        adminstrators are attempting to debug problems in a normal environment.
    > > +EXPORT_SYMBOL(suid_dumpable);
    No problem to me.
    > >  	if (current->euid == current->uid && current->egid == current->gid)
    > >  		current->mm->dumpable = 1;
    > Should this be SUID_DUMP_USER?
    Actually the feedback I had from last time was that the SUID_ defines
    should go because its clearer to follow the numbers. They can go
    everywhere (and there are lots of places where dumpable is tested/used
    as a bool in untouched code)
    > Maybe this should be renamed to `dump_policy' or something.  Doing that
    > would help us catch any code which isn't using the #defines, too.
    Fair comment. The patch was designed to be easy to maintain for Red Hat
    rather than for merging. Changing that field would create a gigantic
    diff because it is used all over the place.
    Signed-off-by: default avatarAlan Cox <>
    Signed-off-by: default avatarAndrew Morton <>
    Signed-off-by: default avatarLinus Torvalds <>