I'm running a bash script to copy some log files and then restart a service on a Red Hat box. Every time I execute the script, I get the following on my console:
[root@servername ~]# sh /bin/restart_nss.sh
kernel.suid_dumpable = 1
Stopping Service: [ OK ]
Starting Service: [ OK ]
[root@servername ~]#
What does "kernel.suid_dumpable = 1" mean in this case?
Thanks,
IVR Avenger
Best Answer
Some Background:
The setuid bit:
The setuid bit on an executable file makes it so that the executable, when run by any user, is run as if it were being run by the owner of the executable. So if setuid is set on a program that is owned by root, no matter who runs it, it will be run with root privileges. It is of course not that simple; see this Wikipedia article, or get a copy of Stevens' Programming in the Unix Environment.
A Core Dump:
A core dump is a dump of the program's working memory to a file. See this wikipedia article.
suid_dumpable:
This controls whether a core can be dumped from a setuid program as described above. See below. This is a kernel tunable; you can change it with:
You would find out about this tunable in the documentation for your kernel source code, which, if installed, you might find in a directory like /usr/src/linux-source-2.6.27/Documentation/sysctl/ . In this case, the reference below is in fs.txt in that directory. Use the uname -a command to find out your kernel version.
Why it Matters:
It could be a security risk:
So the idea is, if there are core dumps and a regular user can read them, they might find out privileged information. If the program is dumped while it had privileged information in memory, and the user can read the dump, they might find out that privileged information.
Reference:
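As an added example (not part of the original question or answer), a small POSIX shell audit that interprets the line the question's script printed. The meanings of the values 0, 1 and 2 are those given in the kernel's Documentation/sysctl/fs.txt; audit_host assumes /proc/sys is mounted and that fs.suid_dumpable and kernel.suid_dumpable name the same kernel variable.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# Interprets the suid_dumpable sysctl the way an auditor would.
# The 0/1/2 meanings come from the kernel's Documentation/sysctl/fs.txt.

# parse_sysctl_value "kernel.suid_dumpable = 1" -> prints "1"
parse_sysctl_value() {
    value=${1#*=}          # drop everything through the '='
    echo "${value# }"      # drop the single leading space sysctl prints
}

# suid_dumpable_verdict VALUE CORE_PATTERN
# Prints "<status>: <explanation>", where status is ok, risk, note or unknown.
suid_dumpable_verdict() {
    case "$1" in
        0) echo "ok: setuid/setgid and other protected processes never dump core" ;;
        1) echo "risk: every process dumps core; a setuid program's memory lands in a file owned by the user who ran it, so privileged data becomes readable" ;;
        2) case "$2" in
               /*|'|'*) echo "ok: privileged dumps go only to '$2', root-owned and mode 0600" ;;
               *) echo "note: value 2 but core_pattern '$2' is neither an absolute path nor a pipe, so privileged processes will not dump at all" ;;
           esac ;;
        *) echo "unknown: unexpected suid_dumpable value '$1'" ;;
    esac
}

# audit_host: read the live values. Assumes /proc/sys is mounted and that
# fs.suid_dumpable and kernel.suid_dumpable are the same kernel variable.
audit_host() {
    value=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null) || {
        echo "unknown: /proc/sys/fs/suid_dumpable not readable"; return 1; }
    pattern=$(cat /proc/sys/kernel/core_pattern 2>/dev/null)
    suid_dumpable_verdict "$value" "$pattern"
}

# Run with "--host" to check the machine you are on; without it only the
# functions are defined, so the file can be sourced from other scripts.
if [ "${1:-}" = "--host" ]; then
    audit_host
fi
```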