From e4a4b2ae8b70aba68d6858a351552da0655ab8b7 Mon Sep 17 00:00:00 2001
From: Alexander Monakov <amonakov@ispras.ru>
Date: Mon, 7 Aug 2023 18:18:13 +0300
Subject: [PATCH] seccomp: remove prctl(PR_SET_DUMPABLE) snake oil

Making the process "not dumpable" has the following effects:

* core dumps are not produced
* ptrace-attaching to this process is disallowed
* files in /proc/<pid> become owned by root

Hence, it doesn't contribute to seccomp's goal of preventing attacks via
a hijacked 'file' process, and instead limits the ability to observe a
running (or crashing) 'file' program, which is not a goal here.
---
 src/seccomp.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/seccomp.c b/src/seccomp.c
index 87d4c49e..26bcbed4 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -68,9 +68,6 @@ enable_sandbox_basic(void)
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
 		return -1;
 
-	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1)
-		return -1;
-
 	// initialize the filter
 	ctx = seccomp_init(SCMP_ACT_ALLOW);
 	if (ctx == NULL)
@@ -158,9 +155,6 @@ enable_sandbox_full(void)
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
 		return -1;
 
-	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1)
-		return -1;
-
 	// initialize the filter
 	ctx = seccomp_init(SCMP_ACT_KILL);
 	if (ctx == NULL)
-- 
2.32.0