[PATCH] coredump: clarify "unsafe core_pattern" warning

Alexey Dobriyan Sat, 29 Oct 2016 06:22:13 -0700

I was amused to find "unsafe core_pattern" warning having these lines
in /etc/sysctl.conf:


        fs.suid_dumpable=2
        kernel.core_pattern=/core/core-%e-%p-%E
        kernel.core_uses_pid=0

Turns out kernel is formally right. Default core_pattern is just "core",
which doesn't qualify for secure path while setting suid.dumpable.

Hint admins about solution, clarify sysctl names, delete unnecessary '\'
characters (string literals are concatenated regardless) and reformat
for easier grepping.

Signed-off-by: Alexey Dobriyan <[email protected]>
---

 kernel/sysctl.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

commit ba93b14a4f61e4563134abab5d81bb8b53c60df9
Author: Alexey Dobriyan <[email protected]>
Date:   Sat Oct 29 18:13:57 2016 +0300

    kernel.core_dump

--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2403,9 +2403,11 @@ static void validate_coredump_safety(void)
 #ifdef CONFIG_COREDUMP
        if (suid_dumpable == SUID_DUMP_ROOT &&
            core_pattern[0] != '/' && core_pattern[0] != '|') {
-               printk(KERN_WARNING "Unsafe core_pattern used with "\
-                       "suid_dumpable=2. Pipe handler or fully qualified "\
-                       "core dump path required.\n");
+               printk(KERN_WARNING
+"Unsafe core_pattern used with fs.suid_dumpable=2.\n"
+"Pipe handler or fully qualified core dump path required.\n"
+"Set kernel.core_pattern before fs.suid_dumpable.\n"
+               );
        }
 #endif
 }

[PATCH] coredump: clarify "unsafe core_pattern" warning

Reply via email to