fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)

Based on a patch from Ernie Petrides During security research, Red Hat discovered a behavioral flaw in core dump handling. A local user could create a program that would cause a core file to be dumped into a directory they would not normally have permissions to write to. This could lead to a denial of service (disk consumption), or allow the local user to gain root privileges. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
Based on a patch from Ernie Petrides During security research, Red Hat discovered a behavioral flaw in core dump handling. A local user could create a program that would cause a core file to be dumped into a directory they would not normally have permissions to write to. This could lead to a denial of service (disk consumption), or allow the local user to gain root privileges. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
9e4e45f1 · Greg Kroah-Hartman · 2bd44a13 · 9e4e45f1
Commit 9e4e45f1 authored Jul 06, 2006 by Greg Kroah-Hartman
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

kernel/sys.c kernel/sys.c +1 -1

No files found.
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1802,7 +1802,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
 			error = current->mm->dumpable;
 			break;
 		case PR_SET_DUMPABLE:
-			if (arg2 < 0 || arg2 > 2) {
+			if (arg2 < 0 || arg2 > 1) {
 				error = -EINVAL;
 				break;
 			}