Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core: set dumpable flag after setuid #11582

Merged
merged 1 commit into from Oct 28, 2016
Merged

core: set dumpable flag after setuid #11582

merged 1 commit into from Oct 28, 2016

Conversation

batrick
Copy link
Member

@batrick batrick commented Oct 20, 2016

When ceph-* drops drops privileges via setuid, core dumps are no longer
generated because its DUMPABLE flag is cleared. We have to manually
turn that back on.

From prctl(2):

  Normally, this flag is set to 1.  However, it is reset to the current value contained in the file /proc/sys/fs/suid_dumpable (which by default has the value 0), in the fol‐
  lowing circumstances:

  *  The process's effective user or group ID is changed.

  *  The process's filesystem user or group ID is changed (see credentials(7)).

  *  The process executes (execve(2)) a set-user-ID or set-group-ID program, or a program that has capabilities (see capabilities(7)).

Fixes: http://tracker.ceph.com/issues/17650

Signed-off-by: Patrick Donnelly pdonnell@redhat.com

@batrick
core: set dumpable flag after setuid
ff0e521 
When ceph-* drops drops privileges via setuid, core dumps are no longer
generated because its DUMPABLE flag is cleared. We have to manually
turn that back on.

From prctl(2):

      Normally, this flag is set to 1.  However, it is reset to the current value contained in the file /proc/sys/fs/suid_dumpable (which by default has the value 0), in the fol‐
      lowing circumstances:

      *  The process's effective user or group ID is changed.

      *  The process's filesystem user or group ID is changed (see credentials(7)).

      *  The process executes (execve(2)) a set-user-ID or set-group-ID program, or a program that has capabilities (see capabilities(7)).

Fixes: http://tracker.ceph.com/issues/17650

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
@badone
Copy link
Contributor

badone commented Oct 23, 2016

lgtm

@badone
Copy link
Contributor

badone commented Oct 28, 2016

test this please

@badone
Copy link
Contributor

badone commented Oct 28, 2016

Failure is known issue, http://tracker.ceph.com/issues/17561

@badone badone merged commit a271880 into ceph:master Oct 28, 2016
@badone badone removed the needs-qa label Oct 28, 2016
@batrick batrick deleted the ceph-dumpable branch November 23, 2016 00:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug-fix core
Projects
None yet
Milestone
No milestone
2 participants
@batrick @badone