svn commit: r349689 - stable/11/sys/kern
Konstantin Belousov
kib at FreeBSD.org
Wed Jul 3 19:46:06 UTC 2019
Author: kib
Date: Wed Jul 3 19:46:05 2019
New Revision: 349689
URL: https://svnweb.freebsd.org/changeset/base/349689
Log:
MFC r349320, r349324:
coredump: avoid writing to core files not owned by the effective user.
PR: 68905
admbugs: 358
Modified:
stable/11/sys/kern/kern_sig.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/kern/kern_sig.c
==============================================================================
--- stable/11/sys/kern/kern_sig.c Wed Jul 3 19:42:36 2019 (r349688)
+++ stable/11/sys/kern/kern_sig.c Wed Jul 3 19:46:05 2019 (r349689)
@@ -3380,10 +3380,16 @@ corefile_open_last(struct thread *td, char *name, int
}
if (oldvp != NULL) {
- if (nextvp == NULL)
- nextvp = oldvp;
- else
+ if (nextvp == NULL) {
+ if ((td->td_proc->p_flag & P_SUGID) != 0) {
+ error = EFAULT;
+ vnode_close_locked(td, oldvp);
+ } else {
+ nextvp = oldvp;
+ }
+ } else {
vnode_close_locked(td, oldvp);
+ }
}
if (error != 0) {
if (nextvp != NULL)
@@ -3492,6 +3498,8 @@ corefile_open(const char *comm, uid_t uid, pid_t pid,
oflags = VN_OPEN_NOAUDIT | VN_OPEN_NAMECACHE |
(capmode_coredump ? VN_OPEN_NOCAPCHECK : 0);
flags = O_CREAT | FWRITE | O_NOFOLLOW;
+ if ((td->td_proc->p_flag & P_SUGID) != 0)
+ flags |= O_EXCL;
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, td);
error = vn_open_cred(&nd, &flags, cmode, oflags, td->td_ucred,
@@ -3589,10 +3597,11 @@ coredump(struct thread *td)
/*
* Don't dump to non-regular files or files with links.
- * Do not dump into system files.
+ * Do not dump into system files. Effective user must own the corefile.
*/
if (vp->v_type != VREG || VOP_GETATTR(vp, &vattr, cred) != 0 ||
- vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0) {
+ vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0 ||
+ vattr.va_uid != cred->cr_uid) {
VOP_UNLOCK(vp, 0);
error = EFAULT;
goto out;
More information about the svn-src-all
mailing list