Hi!
> > When a new process is created, the process inherits the coremask
> > setting from its parent. It is useful to set the coremask before
> > the program runs. For example:
> >
> > $ echo 1 > /proc/self/coremask
> > $ ./some_program
>
> The requirement makes sense, I guess.
>
> Regarding the implementation: if we add
>
> unsigned char coredump_omit_anon_memory:1;
>
> into the mm_struct right next to `dumpable' then we avoid increasing the
> size of the mm_struct, and the code gets neater.
>
>
> Modification of this field is racy, and we don't have a suitable lock in
> mm_struct to fix that. I don't think we care about that a lot, but it'd be
> best to find some way of fixing it.
>
>
> Really we should convert binfmt_aout.c and any other coredumpers too.
>
>
> Does this feature have any security implications? For example, there might
> be system administration programs which force a coredump on a "bad"
> process, and leave the core somewhere for the administrator to look at.
> With this change, we permit hiding of that corefile's anon memory from the
> administrator. OK, lame example, but perhaps there are better ones.
User can already ulimit -c 0 on himself, perhaps we want to use same
interface here? ulimit -cmask=(bitmask)?
Pavel
--
Thanks for all the (sleeping) penguins.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]