From: Michael Kerrisk Date: Tue, 26 Sep 2006 08:36:02 +0000 (+0000) Subject: Since kernel 2.6.18, setting 2 for PR_SET_DUMPABLE is no longer possible. X-Git-Tag: man-pages-2.41~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a3b7f00b4a19816511f35fc78637d77a69147fba;p=thirdparty%2Fman-pages.git Since kernel 2.6.18, setting 2 for PR_SET_DUMPABLE is no longer possible. --- diff --git a/man2/prctl.2 b/man2/prctl.2 index a4ceb203e1..071335b925 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -71,9 +71,14 @@ various system calls that manipulate process UIDs and GIDs). In kernels up to and including 2.6.12, .I arg2 must be either 0 (process is not dumpable) or 1 (process is dumpable). -Since kernel 2.6.13, the value 2 is also permitted; -this causes any binary which normally would not be dumped -to be dumped readable by root only. +Between kernels 2.6.13 and 2.67, the value 2 was also permitted, +which caused any binary which normally would not be dumped +to be dumped readable by root only; +for security reasons, this feature has been removed. +.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2 +.\" Subject: Fix prctl privilege escalation (CVE-2006-2451) +.\" From: Marcel Holtmann +.\" Date: 2006-07-12 11:12:00 (See also the description of .I /proc/sys/fs/suid_dumpable in
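Review bot: In the added line "Between kernels 2.6.13 and 2.67, the value 2 was also permitted," the upper bound "2.67" looks like a typo for 2.6.17, since the commit subject says setting 2 is no longer possible since kernel 2.6.18; suggest "Between kernels 2.6.13 and 2.6.17". The new text also says the feature "has been removed" without telling the reader what a caller that passes 2 for arg2 gets on 2.6.18 and later, so consider stating the resulting behaviour in the rendered text. The CVE-2006-2451 reference and the pointer to the fix sit only in `.\"` comment lines, which do not appear in the formatted page; a short visible mention of the CVE would help readers who are auditing for it.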