[PATCH] Fix docs for fs.suid_dumpable
Sergey Vlasov noticed that there is not kernel.suid_dumpable, but fs.suid_dumpable. How KERN_SETUID_DUMPABLE ended up in fs_table[]? Hell knows... Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Alexey Dobriyan
Linus Torvalds
parent
cc36e7f124
commit
a2e0b56316
|
|
@ -25,6 +25,7 @@ Currently, these files are in /proc/sys/fs:
|
|||
- inode-state
|
||||
- overflowuid
|
||||
- overflowgid
|
||||
- suid_dumpable
|
||||
- super-max
|
||||
- super-nr
|
||||
|
||||
|
|
@ -131,6 +132,25 @@ The default is 65534.
|
|||
|
||||
==============================================================
|
||||
|
||||
suid_dumpable:
|
||||
|
||||
This value can be used to query and set the core dump mode for setuid
|
||||
or otherwise protected/tainted binaries. The modes are
|
||||
|
||||
0 - (default) - traditional behaviour. Any process which has changed
|
||||
privilege levels or is execute only will not be dumped
|
||||
1 - (debug) - all processes dump core when possible. The core dump is
|
||||
owned by the current user and no security is applied. This is
|
||||
intended for system debugging situations only. Ptrace is unchecked.
|
||||
2 - (suidsafe) - any binary which normally would not be dumped is dumped
|
||||
readable by root only. This allows the end user to remove
|
||||
such a dump but not access it directly. For security reasons
|
||||
core dumps in this mode will not overwrite one another or
|
||||
other files. This mode is appropriate when adminstrators are
|
||||
attempting to debug problems in a normal environment.
|
||||
|
||||
==============================================================
|
||||
|
||||
super-max & super-nr:
|
||||
|
||||
These numbers control the maximum number of superblocks, and
|
||||
|
|
|
|||
|
|
@ -50,7 +50,6 @@ show up in /proc/sys/kernel:
|
|||
- shmmax [ sysv ipc ]
|
||||
- shmmni
|
||||
- stop-a [ SPARC only ]
|
||||
- suid_dumpable
|
||||
- sysrq ==> Documentation/sysrq.txt
|
||||
- tainted
|
||||
- threads-max
|
||||
|
|
@ -310,25 +309,6 @@ kernel. This value defaults to SHMMAX.
|
|||
|
||||
==============================================================
|
||||
|
||||
suid_dumpable:
|
||||
|
||||
This value can be used to query and set the core dump mode for setuid
|
||||
or otherwise protected/tainted binaries. The modes are
|
||||
|
||||
0 - (default) - traditional behaviour. Any process which has changed
|
||||
privilege levels or is execute only will not be dumped
|
||||
1 - (debug) - all processes dump core when possible. The core dump is
|
||||
owned by the current user and no security is applied. This is
|
||||
intended for system debugging situations only. Ptrace is unchecked.
|
||||
2 - (suidsafe) - any binary which normally would not be dumped is dumped
|
||||
readable by root only. This allows the end user to remove
|
||||
such a dump but not access it directly. For security reasons
|
||||
core dumps in this mode will not overwrite one another or
|
||||
other files. This mode is appropriate when adminstrators are
|
||||
attempting to debug problems in a normal environment.
|
||||
|
||||
==============================================================
|
||||
|
||||
tainted:
|
||||
|
||||
Non-zero if the kernel has been tainted. Numeric values, which
|
||||
|
|
|
|||
Loading…
Reference in a new issue