The get_dumpable() return value is not boolean. Most users of the function actually want to be testing for non-SUID_DUMP_USER(1) rather than SUID_DUMP_DISABLE(0). The SUID_DUMP_ROOT(2) is also considered a protected state. If the system had set the sysctl fs.suid_dumpable=2, a user was able to ptrace attach to processes that he would otherwise be unable to because of the dumpable check.

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d049f74f2dbe71354d43d393ac3a188947811348
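The difference between the two tests described above, as an added example: a user-space model written for this page, not the kernel's code or the upstream patch. The function names and the `has_cap` parameter (standing in for the tracer's CAP_SYS_PTRACE check) are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Dumpable states, with the values given in the report above. */
enum { SUID_DUMP_DISABLE = 0, SUID_DUMP_USER = 1, SUID_DUMP_ROOT = 2 };

/* Hypothetical model: the flawed reading treats the tri-state value as a
 * boolean, so only SUID_DUMP_DISABLE (0) counts as a protected state. */
static bool may_attach_boolean_test(int dumpable, bool has_cap)
{
    if (!dumpable && !has_cap)
        return false;
    return true;
}

/* Hypothetical model: the corrected reading treats every state other than
 * SUID_DUMP_USER as protected, so SUID_DUMP_ROOT needs the capability too. */
static bool may_attach_explicit_test(int dumpable, bool has_cap)
{
    if (dumpable != SUID_DUMP_USER && !has_cap)
        return false;
    return true;
}

/* Number of (state, capability) pairs on which the two tests disagree. */
static int count_disagreements(void)
{
    int n = 0;
    for (int d = SUID_DUMP_DISABLE; d <= SUID_DUMP_ROOT; d++)
        for (int cap = 0; cap <= 1; cap++)
            if (may_attach_boolean_test(d, cap) != may_attach_explicit_test(d, cap))
                n++;
    return n;
}

int main(void)
{
    static const char *names[] = { "SUID_DUMP_DISABLE", "SUID_DUMP_USER", "SUID_DUMP_ROOT" };
    puts("state              cap  boolean-test  explicit-test");
    for (int d = SUID_DUMP_DISABLE; d <= SUID_DUMP_ROOT; d++)
        for (int cap = 0; cap <= 1; cap++)
            printf("%-18s %-4d %-13s %s\n", names[d], cap,
                   may_attach_boolean_test(d, cap) ? "allow" : "deny",
                   may_attach_explicit_test(d, cap) ? "allow" : "deny");
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```

The only row where the two columns differ is SUID_DUMP_ROOT without the capability, which is the fs.suid_dumpable=2 case the report describes.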
This issue has been addressed in the following products: MRG for RHEL-6 v.2 Via RHSA-2014:0100 https://rhn.redhat.com/errata/RHSA-2014-0100.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0159 https://rhn.redhat.com/errata/RHSA-2014-0159.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0285 https://rhn.redhat.com/errata/RHSA-2014-0285.html
IssueDescription: A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5.9 Long Life Via RHSA-2018:1252 https://access.redhat.com/errata/RHSA-2018:1252