Package: manpages-dev Version: 2.34-1 Severity: normal Tags: patch It's bad enough that we got hacked through a security hole, so at least let's not go on pretending it was a feature.
Regards, Daniel.
--- prctl.2.orig 2006-07-14 18:47:20.000000000 +0200 +++ prctl.2 2006-07-14 18:46:19.000000000 +0200 @@ -68,13 +68,14 @@ (Normally this flag is set for a process by default, but it is cleared when a set-user-ID or set-group-ID program is executed and also by various system calls that manipulate process UIDs and GIDs). -In kernels up to and including 2.6.12, .I arg2 must be either 0 (process is not dumpable) or 1 (process is dumpable). -Since kernel 2.6.13, the value 2 is also permitted; -this causes any binary which normally would not be dumped -to be dumped readable by root only. -(See also the description of +(Starting with kernel 2.6.13, the value 2 was also permitted; +it caused any binary which normally would not be dumped +to be dumped readable by root only. This feature turned out to pose a +security threat and was therefore removed in kernel versions 2.6.16.24 and +2.6.17.4. It is still available to the super-user as a system-wide default +setting: See the description of .I /proc/sys/fs/suid_dumpable in .BR proc (5).)
