fix prctl privilege escalation and suid_dumpable (CVE-2006-2451) Based on a patch from Ernie Petrides During security research, Red Hat discovered a behavioral flaw in core dump handling. A local user could create a program that would cause a core file to be dumped into a directory they would not normally have permissions to write to. This could lead to a denial of service (disk consumption), or allow the local user to gain root privileges. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

commit: 9e4e45f19bdd41b4091e5fe556f816f4046c7598 [log] [tgz]
author: Greg Kroah-Hartman <gregkh@suse.de> Thu Jul 06 13:05:42 2006 -0700
committer: Greg Kroah-Hartman <gregkh@suse.de> Thu Jul 06 13:05:42 2006 -0700
tree: 532a3c15aa1810ae15547cfd9f15cd84bcd2dfb0
parent: 2bd44a13c95e870c64ff0e3c22b5d727eb6627ea [diff]
diff --git a/kernel/sys.c b/kernel/sys.c
index 105e102..413706a 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c

@@ -1802,7 +1802,7 @@
 			error = current->mm->dumpable;
 			break;
 		case PR_SET_DUMPABLE:
-			if (arg2 < 0 || arg2 > 2) {
+			if (arg2 < 0 || arg2 > 1) {
 				error = -EINVAL;
 				break;
 			}
commit	9e4e45f19bdd41b4091e5fe556f816f4046c7598	[log] [tgz]
author	Greg Kroah-Hartman <gregkh@suse.de>	Thu Jul 06 13:05:42 2006 -0700
committer	Greg Kroah-Hartman <gregkh@suse.de>	Thu Jul 06 13:05:42 2006 -0700
tree	532a3c15aa1810ae15547cfd9f15cd84bcd2dfb0
parent	2bd44a13c95e870c64ff0e3c22b5d727eb6627ea [diff]