hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-15 14:56:13 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

coredump: avoid writing to core files not owned by the real user.

Browse Source 
Reported by: blake frantz <trew@hick.org>
PR:	68905
admbugs:	358
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2019-06-23 18:35:11 +00:00
parent ac6a9e474f
commit 7a29e0bf96
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=349320
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/kern/kern_sig.c
View File

@ -3597,10 +3597,11 @@ coredump(struct thread *td)
/* /*
* Don't dump to non-regular files or files with links. * Don't dump to non-regular files or files with links.
* Do not dump into system files. * Do not dump into system files. Real user must own the corefile.
*/ */
if (vp->v_type != VREG || VOP_GETATTR(vp, &vattr, cred) != 0 || if (vp->v_type != VREG || VOP_GETATTR(vp, &vattr, cred) != 0 ||
vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0) { vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0 ||
vattr.va_uid != cred->cr_ruid) {
VOP_UNLOCK(vp, 0); VOP_UNLOCK(vp, 0);
error = EFAULT; error = EFAULT;
goto out; goto out;