[ubuntu-hardened] fs: suid_dumpable=2 and a security issue (gain root privileges).

daniel curtis sidetripping at gmail.com
Sat Dec 12 18:54:34 UTC 2015


Hello.

Today, I've noticed an interesting article by Mr Kees Cook about
the 'suid_dumpable' sysctl value and a core dump pipe defined
in the 'core_pattern' (1, 2). Generally, "a local user can cause core
files to be written to root-writable directories etc. (...)"

There is also a short "proof of concept", which I checked on Ubuntu
12.04 LTS with 3.2.0-96-generic-pae kernel (3.2.73). By default
the result for the 'suid_dumpable' command is '2'. (The same as
in the article). But if it is about 'core_pattern', there is something
like this:

|/usr/share/apport/apport %p %s %c

As we can see, it differs from what can be noticed in an article
where 'core' stands as a result. So, I would like to ask if it is
okay and there is nothing to worry about until kernel update
(see 2) to the 3.2.74 version?

Best regards.
_____________
(1) https://lwn.net/Articles/503315/
(2) https://lkml.org/lkml/2015/11/24/785
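
The following is an added example, not part of the original message or of the linked articles: a small shell check that classifies a `suid_dumpable` / `core_pattern` pair such as the two compared above (the apport pipe and the article's `core`). The function names and the verdict wording are this example's own, based on the kernel's sysctl documentation for these two settings.

```shell
#!/bin/sh
# Added example: classify fs.suid_dumpable / kernel.core_pattern pairs.
# Verdict wording is this example's reading of the kernel sysctl docs.

# Kind of core_pattern: pipe helper, absolute path, relative name, or empty.
core_pattern_kind() {
    case "$1" in
        '')   echo empty ;;
        '|'*) echo pipe ;;
        /*)   echo absolute ;;
        *)    echo relative ;;
    esac
}

# Print a one-line verdict for <suid_dumpable> <core_pattern>.
core_dump_verdict() {
    kind=$(core_pattern_kind "$2")
    case "$1" in
        0) echo "ok: privilege-changing processes are not dumped" ;;
        1) echo "risk: debug mode, such processes dump core without protection" ;;
        2) case "$kind" in
               pipe)     echo "ok: dump is piped to a helper run as root" ;;
               absolute) echo "ok: dump goes to a fixed path, check its directory permissions" ;;
               relative) echo "risk: root-owned core can land in the crashing process's cwd" ;;
               empty)    echo "review: core_pattern is empty" ;;
           esac ;;
        *) echo "unknown: unexpected suid_dumpable value '$1'" ;;
    esac
}

# Constructed sample pairs: the value quoted in the message and the
# article's 'core', both with suid_dumpable=2.
core_dump_verdict 2 '|/usr/share/apport/apport %p %s %c'
core_dump_verdict 2 'core'

# Live values, when run on a Linux host.
if [ -r /proc/sys/fs/suid_dumpable ] && [ -r /proc/sys/kernel/core_pattern ]; then
    core_dump_verdict "$(cat /proc/sys/fs/suid_dumpable)" \
                      "$(cat /proc/sys/kernel/core_pattern)"
fi
```

With a pipe pattern the security of the dump then depends on the helper itself, so the helper package needs the same patch attention as the kernel.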