From: Greg Kroah-Hartman Date: Thu, 6 Jul 2006 20:02:05 +0000 (-0700) Subject: fix prctl privilege escalation and suid_dumpable (CVE-2006-2451) X-Git-Tag: v2.6.17.4~1 X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0;p=karo-tx-linux.git fix prctl privilege escalation and suid_dumpable (CVE-2006-2451) Based on a patch from Ernie Petrides During security research, Red Hat discovered a behavioral flaw in core dump handling. A local user could create a program that would cause a core file to be dumped into a directory they would not normally have permissions to write to. This could lead to a denial of service (disk consumption), or allow the local user to gain root privileges. Signed-off-by: Greg Kroah-Hartman --- diff --git a/kernel/sys.c b/kernel/sys.c index 0b6ec0e7936f..59273f7631b7 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1991,7 +1991,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, error = current->mm->dumpable; break; case PR_SET_DUMPABLE: - if (arg2 < 0 || arg2 > 2) { + if (arg2 < 0 || arg2 > 1) { error = -EINVAL; break; }
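Review bot: in the PR_SET_DUMPABLE range check, the `arg2 < 0` half can never be true, because the sys_prctl signature in the hunk header declares arg2 as `unsigned long`. The test that actually changed is the upper bound, so the condition could be written simply as `if (arg2 > 1) {`, which makes it obvious that 0 and 1 are the only values accepted. Two further points. First, callers that previously passed 2 will now get -EINVAL, which is a userspace-visible change. A short comment above the check saying why 2 is refused through prctl (the commit message ties it to core files being dumped into directories the caller cannot normally write to) would stop the bound from being relaxed again later. Second, the subject line mentions suid_dumpable, but the visible diff touches only this one check in kernel/sys.c. The message should say how that setting relates to the change, or the subject should be narrowed to the prctl fix.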