Date: Sun, 23 Jun 2019 18:35:11 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r349320 - head/sys/kern Message-ID: <201906231835.x5NIZBYb038780@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Sun Jun 23 18:35:11 2019 New Revision: 349320 URL: https://svnweb.freebsd.org/changeset/base/349320 Log: coredump: avoid writing to core files not owned by the real user. Reported by: blake frantz <trew@hick.org> PR: 68905 admbugs: 358 Sponsored by: The FreeBSD Foundation MFC after: 1 week Modified: head/sys/kern/kern_sig.c Modified: head/sys/kern/kern_sig.c ============================================================================== --- head/sys/kern/kern_sig.c Sun Jun 23 17:39:13 2019 (r349319) +++ head/sys/kern/kern_sig.c Sun Jun 23 18:35:11 2019 (r349320) @@ -3597,10 +3597,11 @@ coredump(struct thread *td) /* * Don't dump to non-regular files or files with links. - * Do not dump into system files. + * Do not dump into system files. Real user must own the corefile. */ if (vp->v_type != VREG || VOP_GETATTR(vp, &vattr, cred) != 0 || - vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0) { + vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0 || + vattr.va_uid != cred->cr_ruid) { VOP_UNLOCK(vp, 0); error = EFAULT; goto out;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906231835.x5NIZBYb038780>