| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-09-20 17:47:47 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-09-21 12:46:10 +0200 |
| commit | a644bc4824f437960c40cb6f0cba3b6c84cbf520 (patch) | |
| tree | 2220b2f0d401c5e1e4fdddac7e453309379d105a | |
| parent | 161946a262551e7187c8378ef3bfc7b3f0a646d1 (diff) | |
| download | man-pages-a644bc4824f437960c40cb6f0cba3b6c84cbf520.tar.gz | |
prctl.2: Simplify list of cases where "dumpable" attribute is reset
Simplify list of cases that cause dumpable attribute to
reset to suid_dumpable: there were two lists that together
in effect had many duplicates.
Also some minor rewordings.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| -rw-r--r-- | man2/prctl.2 | 34 |
1 files changed, 6 insertions, 28 deletions
diff --git a/man2/prctl.2 b/man2/prctl.2 index 0f9c63fa12..ae1fbc5fea 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -212,42 +212,20 @@ Normally, this flag is set to 1. However, it is reset to the current value contained in the file .IR /proc/sys/fs/\:suid_dumpable (which by default has the value 0), -if any of the following attributes of the process -are changed by the operations listed below: +in the following circumstances: .\" See kernel/cred.c::commit_creds() (Linux 3.18 sources) .RS .IP * 3 -The effective user or group ID is changed. +The process's effective user or group ID is changed. .IP * -The filesystem user or group ID is changed (see +The process's filesystem user or group ID is changed (see .BR credentials (7)). .IP * -The process's set of permitted capabilities (see -.BR capabilities (7)) -is changed such that its new set of capabilities is -not a subset of its previous set of capabilities. -.RE -.IP -The operations that may trigger changes to the dumpable flag include: -.\" Look for uses of commit_creds() in the kernel source code -.RS -.IP * 3 -execution +The process executes .RB ( execve (2)) -of a set-user-ID or set-group-ID program, +a set-user-ID or set-group-ID program, or a program that has capabilities (see -.BR capabilities (7)); -.IP * -.BR capset (2); -and -.IP * -system calls that change process credentials -.RB ( setuid (2) -.BR setgid (2), -.BR setresuid (2), -.BR setresgid (2), -.BR setgroups (2), -and so on). +.BR capabilities (7)). .\" Also certain namespace operations; .RE .IP |
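Review bot: The rewritten third bullet ("The process executes ... a set-user-ID or set-group-ID program, or a program that has capabilities") drops the qualifier carried by the removed bullet, which said the permitted set must change "such that its new set of capabilities is not a subset of its previous set of capabilities". As now worded, executing any program with capabilities appears to reset the flag to suid_dumpable, including when the process gains nothing it did not already have. Since this flag is what readers consult to reason about core dumps of privileged programs, I would keep the subset condition on that bullet, for example by appending "but only if the permitted capabilities gained are not a subset of those the process already had". Separately, the removal of capset(2) and of the setuid(2)/setgid(2)/setresuid(2)/setresgid(2)/setgroups(2) list is broader than the "duplicates" the commit message describes: the first two bullets no longer point at any system call that changes those IDs. A short cross-reference in the "effective user or group ID" bullet, or a source comment next to the existing commit_creds() one recording why capset(2) was dropped, would keep that information reachable.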
