Fixed in upstream release 2.12.6: https://launchpad.net/apport/trunk/2.12.6
** Description changed:

  Elsewhere I have been working on a sensitive information leak via core dump generated by gcore(1). The sensitive information in question is read by a stock setuid root binary executed by a non-privileged user.

  On Ubuntu Desktop fs.suid_dumpable=2. Referencing https://www.kernel.org/doc/Documentation/sysctl/fs.txt:

  2 - (suidsafe) - any binary which normally would not be dumped is dumped
- anyway, but only if the "core_pattern" kernel sysctl is set to
- either a pipe handler or a fully qualified path. (For more details
- on this limitation, see CVE-2006-2451.) This mode is appropriate
- when administrators are attempting to debug problems in a normal
- environment, and either have a core dump pipe handler that knows
- to treat privileged core dumps with care, or specific directory
- defined for catching core dumps. If a core dump happens without
- a pipe handler or fully qualifid path, a message will be emitted
- to syslog warning about the lack of a correct setting.
+ anyway, but only if the "core_pattern" kernel sysctl is set to
+ either a pipe handler or a fully qualified path. (For more details
+ on this limitation, see CVE-2006-2451.) This mode is appropriate
+ when administrators are attempting to debug problems in a normal
+ environment, and either have a core dump pipe handler that knows
+ to treat privileged core dumps with care, or specific directory
+ defined for catching core dumps. If a core dump happens without
+ a pipe handler or fully qualifid path, a message will be emitted
+ to syslog warning about the lack of a correct setting.

  NB "treat privileged core dumps with care".

  On a stock Desktop 12.04 LTS install:

- kernel.core_pattern = |/usr/share/apport/apport %p %s %c
+ kernel.core_pattern = |/usr/share/apport/apport %p %s %c

  apport dutifully dumps the core and this is readable (0660, user:user) by the invoking user, whereas it should be something like 0440, root:root. I believe this to be a bug in apport.
+
+ TRUNK FIX: http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/2723
+ Backports for older releases available as attachments here.

** Changed in: apport
       Status: In Progress => Fix Committed

** Changed in: apport
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1242435

Title:
  Desktop setuid cores readable by non-privileged user
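
Added example (not part of the bug report and not apport's code): a Python check for the condition described above, which reads fs.suid_dumpable and kernel.core_pattern to see whether setuid cores are handed to a pipe handler, then lists dump files that are accessible beyond root:root. The /var/crash default and all function names are assumptions of this example; the ownership test follows the report's suggested "0440, root:root".

```python
import os
import stat
import sys

def privileged_dump_route(suid_dumpable, core_pattern):
    """Return where a setuid process's core goes: 'none', 'pipe' or 'file'."""
    pattern = core_pattern.strip()
    if suid_dumpable == 0:
        return "none"                  # setuid processes are not dumped at all
    if suid_dumpable == 2 and not pattern.startswith(("|", "/")):
        return "none"                  # suidsafe: needs a pipe or absolute path
    return "pipe" if pattern.startswith("|") else "file"

def is_exposed(st_mode, st_uid, st_gid):
    """True if a dump is accessible beyond read-only root:root."""
    if st_uid != 0 or st_gid != 0:
        return True
    return bool(stat.S_IMODE(st_mode) & (stat.S_IWGRP | stat.S_IRWXO))

def scan(directory):
    """Yield (path, mode, uid, gid) for exposed regular files in directory."""
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        if is_exposed(st.st_mode, st.st_uid, st.st_gid):
            yield entry.path, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid

def read_sysctl(name):
    """Read a sysctl value through /proc/sys (Linux only)."""
    with open("/proc/sys/" + name.replace(".", "/")) as fh:
        return fh.read().strip()

if __name__ == "__main__":
    # Assumed dump directory; pass another path as the first argument.
    crash_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/crash"
    route = privileged_dump_route(int(read_sysctl("fs.suid_dumpable")),
                                  read_sysctl("kernel.core_pattern"))
    print("setuid core route:", route)
    for path, mode, uid, gid in scan(crash_dir):
        print("exposed: %s mode=%04o uid=%d gid=%d" % (path, mode, uid, gid))
```

Crash files from ordinary unprivileged processes are legitimately owned by the crashing user, so each hit still has to be matched against a setuid binary before it counts as the leak described in this bug.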