Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Drop setting the dumpable flag entirely in favor of setfsuid()
The root cause of containers#107 aka CVE-2016-8659 is that we were explicitly turning on the dumpable flag, which allows the caller to `ptrace()` us. In fact, Linux already introduced `setfsuid()` for the NFS server for a very similar reason; see `man setfsuid`:

```
At the time when this system call was introduced, one process could send a signal to another process with the same effective user ID. This meant that if a privileged process changed its effective user ID for the purpose of file permission checking, then it could become vulnerable to receiving signals sent by another (unprivileged) process with the same user ID.
```

Let's make use of this, which makes us the same as other setuid binaries, without introducing any additional risk from being potentially `ptrace()able`.
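The contrast the commit message draws, shown as an added example that is not code from this repository or from the commit: the old pattern raised the dumpable flag with `prctl(PR_SET_DUMPABLE, 1)`, which makes a setuid process ptraceable by the unprivileged caller; the replacement switches only the filesystem uid with `setfsuid()`, which changes what permission checks see without making the process ptraceable. Because `setfsuid()` reports no error, the example uses the documented double-call idiom to confirm the switch took effect. The helper names (`switch_fsuid`, `open_as_fsuid`) and the temp-file self-check are this example's own, and it assumes Linux 3.1 or later semantics for the `setfsuid()` return value.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/fsuid.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* The "before" pattern the commit removes: turning the dumpable flag on
 * makes the process ptrace()able by any process with the same real uid,
 * i.e. by the unprivileged caller of a setuid binary.  Kept for contrast. */
static int make_ptraceable_BAD(void)
{
    return prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
}

/* The replacement: change only the uid used for filesystem permission
 * checks.  setfsuid() gives no error indication, so the idiom from the man
 * page is to call it twice: the second call returns the fsuid the first
 * call actually installed.  Returns 0 on success, -1 if the kernel refused.
 * (Assumes Linux >= 3.1, where the return value is always the previous
 * fsuid.) */
static int switch_fsuid(uid_t target)
{
    setfsuid(target);
    return ((uid_t)setfsuid(target) == target) ? 0 : -1;
}

/* Open `path` with permission checks performed as `as_uid`, then restore
 * the previous fsuid.  The effective uid and the dumpable flag are never
 * touched.  Returns the fd, or -1 with errno set. */
static int open_as_fsuid(const char *path, uid_t as_uid, int flags)
{
    uid_t saved = (uid_t)setfsuid(as_uid);       /* returns previous fsuid */
    if ((uid_t)setfsuid(as_uid) != as_uid) {     /* did the switch take? */
        setfsuid(saved);
        errno = EPERM;
        return -1;
    }
    int fd = open(path, flags);
    int saved_errno = errno;
    setfsuid(saved);                             /* always restore */
    errno = saved_errno;
    return fd;
}

/* Unprivileged self-check: switching to our own real uid is always allowed,
 * and must not raise the dumpable flag the way the old prctl() call did.
 * (Switching to our own uid is a no-op for the flag; on a real change the
 * kernel resets it to the suid_dumpable default rather than raising it.) */
int fsuid_switch_keeps_dumpable(void)
{
    int before = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (switch_fsuid(getuid()) != 0)
        return 0;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == before;
}

/* Unprivileged self-check: a private mode-0600 temp file (constructed here)
 * must be openable through the setfsuid path as ourselves.  Returns 1 on
 * success. */
int demo_open_own_tempfile(void)
{
    char tmpl[] = "/tmp/setfsuid-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 0;
    close(fd);
    int fd2 = open_as_fsuid(tmpl, getuid(), O_RDONLY);
    unlink(tmpl);
    if (fd2 < 0)
        return 0;
    close(fd2);
    return 1;
}

int main(int argc, char **argv)
{
    /* Usage: ./a.out [uid] [path]; a uid other than your own needs
     * CAP_SETUID (e.g. run as root to open a file as an unprivileged uid). */
    uid_t as = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    const char *path = argc > 2 ? argv[2] : "/etc/passwd";

    printf("dumpable before: %d\n", prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
    int fd = open_as_fsuid(path, as, O_RDONLY);
    printf("open(%s) as fsuid %u: %s\n", path, (unsigned)as,
           fd >= 0 ? "ok" : strerror(errno));
    if (fd >= 0)
        close(fd);
    printf("dumpable after setfsuid path: %d\n",
           prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));

    make_ptraceable_BAD();
    printf("dumpable after old PR_SET_DUMPABLE=1 path: %d\n",
           prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
    return 0;
}
```

Run it as root with an unprivileged uid and a file that uid cannot read to see the permission check fail while `PR_GET_DUMPABLE` stays where it was; the last line shows the old approach flipping the flag to 1, which is exactly what let a same-uid caller attach with `ptrace()`.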