openwrtv3/package/base-files/files/etc
Kevin Darbyshire-Bryant 7765e442d0 basefiles: allow suid coredumps
Set sysctl fs.suid_dumpable = 2

This allows suid processes to dump core according to kernel.core_pattern
setting.  LEDE typically uses suid to drop root privilege rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)

Processes still need to set a non-zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core.  This setting removes an
obscure stumbling block along the way.

From https://www.kernel.org/doc/Documentation/sysctl/fs.txt

suid_dumpable:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour. Any process which has changed
	privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
	owned by the current user and no security is applied. This is
	intended for system debugging situations only. Ptrace is unchecked.
	This is insecure as it allows regular users to examine the memory
	contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
	anyway, but only if the "core_pattern" kernel sysctl is set to
	either a pipe handler or a fully qualified path. (For more details
	on this limitation, see CVE-2006-2451.) This mode is appropriate
	when administrators are attempting to debug problems in a normal
	environment, and either have a core dump pipe handler that knows
	to treat privileged core dumps with care, or specific directory
	defined for catching core dumps. If a core dump happens without
	a pipe handler or fully qualified path, a message will be emitted
	to syslog warning about the lack of a correct setting.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-09-12 22:18:45 +02:00
..
board.d base-files: remove default /etc/config/network, generate it via board.d instead 2016-01-25 16:30:41 +00:00
hotplug.d/net sysctl: read settings from /etc/sysctl.d/*.conf 2015-07-07 13:47:23 +00:00
init.d base-files, mac80211, broadcom-wl: wifi detection and configuration 2016-11-03 11:08:01 +01:00
iproute2 base-files: add /etc/iproute2/rt_protos 2017-01-18 13:15:28 +01:00
rc.button base-files: Ensure reset only works if an overlay exists 2016-10-27 12:45:05 +02:00
sysctl.d sysctl: read settings from /etc/sysctl.d/*.conf 2015-07-07 13:47:23 +00:00
uci-defaults base-files: fix user creation on sysupgrade with few opkg control files 2017-01-24 19:08:41 +01:00
banner build: adjust version number handling 2016-12-02 16:02:02 +01:00
banner.failsafe failsafe-mode: print short help on commandline 2014-10-20 06:29:05 +00:00
device_info base-files: add URL option for OEM manufacturer info 2015-10-05 10:28:53 +00:00
diag.sh base-files: make diag.sh stub working in bash 2009-04-30 21:00:57 +00:00
fstab base-files: remove fstab symlink 2016-06-17 04:13:07 +02:00
group base-files: add "tty" user group 2017-06-26 10:02:20 +02:00
hosts base-files: add /etc/hosts entries for ::1, ff02::1 and ff02::2 2015-09-02 11:54:03 +00:00
inittab image / basefiles: make console password configurable 2016-04-18 21:53:07 +02:00
openwrt_release base-files: add ARCH_PACKAGES to openwrt_release and os-release 2017-01-16 13:29:47 +01:00
openwrt_version build: adjust version number handling 2016-12-02 16:02:02 +01:00
os-release base-files: Add standard os-release file 2016-06-24 13:52:53 +02:00
passwd base-files: prime root password with "x" to notify programs that there is a shadow record, fix /bin/login.sh password detection accordingly. Solves broken key based dropbear login with empty password after r28935. 2011-11-14 19:02:01 +00:00
preinit preinit: use only the image config options 2016-08-10 03:04:08 +02:00
profile base-files: fix message of initscript wrapper 2017-01-02 16:47:59 +01:00
protocols base-files: add DCCP to /etc/protocols 2015-11-15 22:09:13 +00:00
rc.common base-files: fix default procd reload 2017-05-20 20:43:45 +02:00
rc.local base-files: introduce a ready-to-use /etc/rc.local to let users run custom commands on init without creating custom init scripts 2009-09-11 21:35:03 +00:00
services base-files: add submission service port 2017-03-11 05:53:33 +01:00
shadow the root password should be empty for real, like before 2014-02-21 10:39:14 +00:00
shells
sysctl.conf basefiles: allow suid coredumps 2017-09-12 22:18:45 +02:00
sysupgrade.conf base-files: - add sysupgrade support for keepfile hints * introduces /lib/upgrade/keep.d/ for per-package keepfile lists * introduces /etc/sysupgrade.conf for user defined keepfile hints - prime /lib/upgrade/keep.d/base-files-essential to keep sysupgrade usable for images without opkg - change sysupgrade to build the keepfile list from /lib/upgrade/keep.d/, /etc/sysupgrade.conf and opkg list-changed-conffiles 2010-10-05 19:24:12 +00:00