[PATCH] coredump: use %d in kernel core pattern
author    Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
          Tue, 29 Apr 2025 12:47:59 +0000 (14:47 +0200)
committer Arnaud Rebillout <arnaudr@debian.org>
          Mon, 13 Apr 2026 07:18:40 +0000 (14:18 +0700)
commit    1faef9dbb33cad727f48479e6993fdb0153b1116
tree      b50edaf1b7e97a3da4ec949750adc2a9eb6bd1f6
parent    339034b921e657fc9f8e7511555984fa5c74b67c
[PATCH] coredump: use %d in kernel core pattern

The kernel provides %d which is documented as
"dump mode—same as value returned by prctl(2) PR_GET_DUMPABLE".

We already query /proc/pid/auxv for this information, but unfortunately this
check is subject to a race, because the crashed process may be replaced by an
attacker before we read this data, for example replacing a SUID process that
was killed by a signal with another process that is not SUID, tricking us into
making the coredump of the original process readable by the attacker.

With this patch, we effectively add one more check to the list of conditions
that need be satisfied if we are to make the coredump accessible to the user.

Reported-by: Qualys Security Advisory <qsa@qualys.com>
(cherry-picked from commit 0c49e0049b7665bb7769a13ef346fef92e1ad4d6)
(cherry-picked from commit c58a8a6ec9817275bb4babaa2c08e0e35090d4e3)
(cherry picked from commit 19d439189ab85dd7222bdd59fd442bbcc8ea99a7)
(cherry picked from commit 254ab8d2a7866679cee006d844d078774cbac3c9)
(cherry picked from commit 7fc7aa5a4d28d7768dfd1eb85be385c3ea949168)
(cherry picked from commit 19b228662e0fcc6596c0395a0af8486a4b3f1627)

Origin: upstream, https://github.com/systemd/systemd-stable/commit/2eb46dce078334805c547cbcf5e6462cf9d2f9f0
Forwarded: not-needed
Last-Update: 2025-06-23

Gbp-Pq: Name CVE-2025-4598-4.patch
src/coredump/coredump.c
sysctl.d/50-coredump.conf.in
test/units/testsuite-74.coredump.sh [new file with mode: 0755]
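The commit message above describes why a handler that only inspects /proc/<pid> can be fooled by PID reuse, and why the kernel-expanded %d (dump mode) closes that gap: the kernel fills %d in before it spawns the handler, so a process that takes over the PID afterwards cannot influence it. The following added example is not systemd's code and does not reproduce coredump.c; it is a small, self-constructed model of a core_pattern handler that parses the argv the kernel passes for a hypothetical core_pattern, then requires both the existing auxv-based check and the new %d check to pass before a dump is made readable by the crashing user. The core_pattern string, the argv values and the "observed auxv" flags are all constructed for the example.

```python
"""Added example (not systemd's code): using the kernel-supplied %d dump mode as
a race-free condition before making a core file readable by the crashing uid.

%d expands to what prctl(PR_GET_DUMPABLE) would return for the crashed process:
  0 = not dumpable, 1 = dumpable (ordinary process), 2 = suidsafe (SUID/privileged;
  the dump must stay root-only).
"""

SUID_DUMP_DISABLE = 0
SUID_DUMP_USER = 1
SUID_DUMP_ROOT = 2

# Hypothetical core_pattern this handler is registered with (constructed for the
# example). The kernel expands each %x specifier into one argv element, in order.
CORE_PATTERN = "|/usr/lib/example-handler %P %u %g %s %t %c %h %d"
FIELD_NAMES = ["pid", "uid", "gid", "signal", "timestamp",
               "rlimit_core", "hostname", "dump_mode"]


def parse_kernel_args(argv):
    """Map the positional argv the kernel passes (per CORE_PATTERN) to named fields."""
    specifiers = CORE_PATTERN.split()[1:]  # drop the handler path
    if len(argv) != len(specifiers):
        raise ValueError(f"expected {len(specifiers)} kernel arguments, got {len(argv)}")
    fields = dict(zip(FIELD_NAMES, argv))
    fields["dump_mode"] = int(fields["dump_mode"])
    return fields


def user_may_read_core(fields, observed_at_secure):
    """Return True only if every condition for a user-readable dump holds.

    observed_at_secure models the existing check: AT_SECURE read from
    /proc/<pid>/auxv, which can describe the *wrong* process after PID reuse.
    The %d check is evaluated first and cannot be influenced by that race.
    """
    if fields["dump_mode"] != SUID_DUMP_USER:
        # Kernel says the crashed process was not an ordinary dumpable process;
        # keep the dump root-only regardless of what /proc/<pid> shows now.
        return False
    if observed_at_secure:
        # Existing auxv-based check: the process ran in secure (SUID) mode.
        return False
    return True


def decide(argv, observed_at_secure):
    """Parse the kernel argv and apply the combined policy."""
    return user_may_read_core(parse_kernel_args(argv), observed_at_secure)


# Constructed scenarios. Only the dump_mode (%d) argument differs.
ORDINARY_PROCESS = ["4242", "1000", "1000", "11", "1745930879", "-1", "host", "1"]
SUID_PROCESS = ["4242", "1000", "1000", "11", "1745930879", "-1", "host", "2"]

if __name__ == "__main__":
    # Ordinary crash, auxv agrees it is not SUID: user may read the dump.
    print(decide(ORDINARY_PROCESS, observed_at_secure=False))
    # SUID crash with no race: both checks deny.
    print(decide(SUID_PROCESS, observed_at_secure=True))
    # SUID crash where the PID was reused by a non-SUID process before auxv was
    # read: the auxv check alone would wrongly allow, the %d check still denies.
    print(decide(SUID_PROCESS, observed_at_secure=False))
```

The third scenario is the race the commit message describes: the handler's view of /proc/<pid>/auxv belongs to whatever process now holds the PID, but %d was recorded by the kernel for the process that actually crashed, so the decision stays correct.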