Red Hat Bugzilla – Bug 198963
CVE-2006-2451 Possible privilege escalation through prctl() and suid_dumpable
Last modified: 2007-11-30 17:11:37 EST
I've just reproduced this issue under kernel-2.6.17-1.2145 on FC-5 and
kernel-2.6.17-1.2364 on FC-6 - see bug 198893 for a nasty reproducer.
I suggest that we apply the patch to prevent processes with the
PR_SET_DUMPABLE flag set from being able to dump core in whatever
directory they can cd into, regardless of whether the userid has
write permission, ASAP.
Fixed in 2158 for FC5.
Fixed in rawhide too, some time after 2364.