Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 Jul 2019 19:34:18 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r349687 - stable/12/sys/kern
Message-ID:  <201907031934.x63JYIRh068727@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kib
Date: Wed Jul  3 19:34:17 2019
New Revision: 349687
URL: https://svnweb.freebsd.org/changeset/base/349687

Log:
  MFC r349320, r349324:
  coredump: avoid writing to core files not owned by the effective user.
  
  PR:	68905
  admbugs:	358

Modified:
  stable/12/sys/kern/kern_sig.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/kern/kern_sig.c
==============================================================================
--- stable/12/sys/kern/kern_sig.c	Wed Jul  3 19:32:25 2019	(r349686)
+++ stable/12/sys/kern/kern_sig.c	Wed Jul  3 19:34:17 2019	(r349687)
@@ -3400,10 +3400,16 @@ corefile_open_last(struct thread *td, char *name, int 
 	}
 
 	if (oldvp != NULL) {
-		if (nextvp == NULL)
-			nextvp = oldvp;
-		else
+		if (nextvp == NULL) {
+			if ((td->td_proc->p_flag & P_SUGID) != 0) {
+				error = EFAULT;
+				vnode_close_locked(td, oldvp);
+			} else {
+				nextvp = oldvp;
+			}
+		} else {
 			vnode_close_locked(td, oldvp);
+		}
 	}
 	if (error != 0) {
 		if (nextvp != NULL)
@@ -3523,6 +3529,8 @@ corefile_open(const char *comm, uid_t uid, pid_t pid, 
 		oflags = VN_OPEN_NOAUDIT | VN_OPEN_NAMECACHE |
 		    (capmode_coredump ? VN_OPEN_NOCAPCHECK : 0);
 		flags = O_CREAT | FWRITE | O_NOFOLLOW;
+		if ((td->td_proc->p_flag & P_SUGID) != 0)
+			flags |= O_EXCL;
 
 		NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, td);
 		error = vn_open_cred(&nd, &flags, cmode, oflags, td->td_ucred,
@@ -3599,10 +3607,11 @@ coredump(struct thread *td)
 
 	/*
 	 * Don't dump to non-regular files or files with links.
-	 * Do not dump into system files.
+	 * Do not dump into system files. Effective user must own the corefile.
 	 */
 	if (vp->v_type != VREG || VOP_GETATTR(vp, &vattr, cred) != 0 ||
-	    vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0) {
+	    vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0 ||
+	    vattr.va_uid != cred->cr_uid) {
 		VOP_UNLOCK(vp, 0);
 		error = EFAULT;
 		goto out;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907031934.x63JYIRh068727>