Since kernel 2.6.18, setting 2 for PR_SET_DUMPABLE is no longer possible.

author Michael Kerrisk <mtk.manpages@gmail.com>

Tue, 26 Sep 2006 08:36:02 +0000 (08:36 +0000)

committer Michael Kerrisk <mtk.manpages@gmail.com>

Tue, 26 Sep 2006 08:36:02 +0000 (08:36 +0000)
author Michael Kerrisk <mtk.manpages@gmail.com>
Tue, 26 Sep 2006 08:36:02 +0000 (08:36 +0000)
committer Michael Kerrisk <mtk.manpages@gmail.com>
Tue, 26 Sep 2006 08:36:02 +0000 (08:36 +0000)
diff --git a/man2/prctl.2 b/man2/prctl.2

index a4ceb203e11978ede574636230351aa4df4c6bdd..071335b92558bd1e5957360b6980c66058325843 100644 (file)
--- a/man2/prctl.2
+++ b/man2/prctl.2
@@ -71,9 +71,14 @@ various system calls that manipulate process UIDs and GIDs).
  In kernels up to and including 2.6.12,
  .I arg2
  must be either 0 (process is not dumpable) or 1 (process is dumpable).
-Since kernel 2.6.13, the value 2 is also permitted;
-this causes any binary which normally would not be dumped 
-to be dumped readable by root only. 
+Between kernels 2.6.13 and 2.67, the value 2 was also permitted,
+which caused any binary which normally would not be dumped 
+to be dumped readable by root only; 
+for security reasons, this feature has been removed.
+.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
+.\" Subject:    Fix prctl privilege escalation (CVE-2006-2451)
+.\" From:       Marcel Holtmann <marcel () holtmann ! org>
+.\" Date:       2006-07-12 11:12:00
  (See also the description of 
  .I /proc/sys/fs/suid_dumpable
  in
author	Michael Kerrisk <mtk.manpages@gmail.com>
	Tue, 26 Sep 2006 08:36:02 +0000 (08:36 +0000)
committer	Michael Kerrisk <mtk.manpages@gmail.com>
	Tue, 26 Sep 2006 08:36:02 +0000 (08:36 +0000)