Please find a minimal test case below (replaces ping(1) with a call to abort(3)). I've tried this on 3 desktops now and got different results each time (core perms combinations of martin:martin/root:martin/640/660) but in all cases core was readable by the non-privileged user.
I also wanted to explicitly state that this is not a problem on Ubuntu Server 12.04, where fs.suid_dumpable=0.
martin@desktop:~/apport$ cat > foo.c
#include <stdlib.h>
int main(int argc, char *argv[])
{
abort();
}
^D
martin@desktop:~/apport$ make foo
cc foo.c -o foo
martin@desktop:~/apport$ aptitude search iputils-ping
i iputils-ping - Tools to test the reachability of network hosts
p iputils-ping:i386 - Tools to test the reachability of network hosts
martin@desktop:~/apport$ sudo mv /bin/ping /bin/ping.org
martin@desktop:~/apport$ sudo cp ./foo /bin/ping
martin@desktop:~/apport$ sudo chown root:root /bin/ping
martin@desktop:~/apport$ sudo chmod 4755 /bin/ping
martin@desktop:~/apport$ ls -l /bin/ping.org /bin/ping
-rwsr-xr-x. 1 root root 8376 Oct 21 10:13 /bin/ping
-rwsr-xr-x. 1 root root 35712 Nov 8 2011 /bin/ping.org
martin@desktop:~/apport$ ulimit -c unlimited
martin@desktop:~/apport$ ./foo
Aborted (core dumped)
martin@desktop:~/apport$ ls -l core
-rw-r-----. 1 martin martin 233472 Oct 21 10:14 core
martin@desktop:~/apport$
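
Added example, not part of the original report and not apport's or Ubuntu's code: a privileged program can opt out of core dumps itself rather than depend on fs.suid_dumpable=0. The function names are hypothetical; the prctl(2) and setrlimit(2) calls are the standard Linux ones.

```c
/* Added example: a privileged program refusing to dump core. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Read fs.suid_dumpable (0, 1 or 2); returns -1 if it cannot be read. */
int read_suid_dumpable(void)
{
    int value = -1;
    FILE *f = fopen("/proc/sys/fs/suid_dumpable", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

/* Hypothetical helper: returns 0 on success, -1 if either step failed. */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };

    /* Soft and hard limit 0: no core file is written, and an
     * unprivileged process cannot raise the hard limit again. */
    if (setrlimit(RLIMIT_CORE, &none) != 0)
        return -1;
    /* Clear the per-process dumpable flag (SUID_DUMP_DISABLE). */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return 0;
}

int main(void)
{
    printf("fs.suid_dumpable = %d\n", read_suid_dumpable());
    printf("dumpable before:  %d\n", prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
    if (disable_core_dumps() != 0) {
        perror("disable_core_dumps");
        return 1;
    }
    printf("dumpable after:   %d\n", prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
    return 0;
}
```

This only covers crashes that happen after disable_core_dumps() has run, so it belongs at the very start of main().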