|
|
a60cd7 |
From af945ff58a698ce00c45059a05994ef53a13e192 Mon Sep 17 00:00:00 2001
|
|
|
a60cd7 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
Date: Fri, 17 Apr 2015 14:36:45 +0200
|
|
|
a60cd7 |
Subject: [ABRT PATCH] ccpp: do not override existing files by compat cores
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Implement all checks used in kernel's do_coredump() and require
|
|
|
a60cd7 |
non-relative path if suid_dumpable is 2.
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Related: #1212818
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
---
|
|
|
a60cd7 |
src/hooks/abrt-hook-ccpp.c | 20 ++++++++++++++++----
|
|
|
a60cd7 |
1 file changed, 16 insertions(+), 4 deletions(-)
|
|
|
a60cd7 |
|
|
|
a60cd7 |
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
|
|
|
a60cd7 |
index 85e0d35..82ff555 100644
|
|
|
a60cd7 |
--- a/src/hooks/abrt-hook-ccpp.c
|
|
|
a60cd7 |
+++ b/src/hooks/abrt-hook-ccpp.c
|
|
|
a60cd7 |
@@ -24,6 +24,8 @@
|
|
|
a60cd7 |
#define DUMP_SUID_UNSAFE 1
|
|
|
a60cd7 |
#define DUMP_SUID_SAFE 2
|
|
|
a60cd7 |
|
|
|
a60cd7 |
+static int g_user_core_flags;
|
|
|
a60cd7 |
+static int g_need_nonrelative;
|
|
|
a60cd7 |
|
|
|
a60cd7 |
/* I want to use -Werror, but gcc-4.4 throws a curveball:
|
|
|
a60cd7 |
* "warning: ignoring return value of 'ftruncate', declared with attribute warn_unused_result"
|
|
|
a60cd7 |
@@ -337,7 +339,14 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
|
|
|
a60cd7 |
|
|
|
a60cd7 |
full_core_basename = core_basename;
|
|
|
a60cd7 |
if (core_basename[0] != '/')
|
|
|
a60cd7 |
+ {
|
|
|
a60cd7 |
+ if (g_need_nonrelative)
|
|
|
a60cd7 |
+ {
|
|
|
a60cd7 |
+ error_msg("Current suid_dumpable policy prevents from saving core dumps according to relative core_pattern");
|
|
|
a60cd7 |
+ return -1;
|
|
|
a60cd7 |
+ }
|
|
|
a60cd7 |
core_basename = concat_path_file(user_pwd, core_basename);
|
|
|
a60cd7 |
+ }
|
|
|
a60cd7 |
|
|
|
a60cd7 |
/* Open (create) compat core file.
|
|
|
a60cd7 |
* man core:
|
|
|
a60cd7 |
@@ -372,19 +381,19 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
|
|
|
a60cd7 |
struct stat sb;
|
|
|
a60cd7 |
errno = 0;
|
|
|
a60cd7 |
/* Do not O_TRUNC: if later checks fail, we do not want to have file already modified here */
|
|
|
a60cd7 |
- int user_core_fd = open(core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600); /* kernel makes 0600 too */
|
|
|
a60cd7 |
+ int user_core_fd = open(core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */
|
|
|
a60cd7 |
xsetegid(0);
|
|
|
a60cd7 |
xseteuid(0);
|
|
|
a60cd7 |
if (user_core_fd < 0
|
|
|
a60cd7 |
|| fstat(user_core_fd, &sb) != 0
|
|
|
a60cd7 |
|| !S_ISREG(sb.st_mode)
|
|
|
a60cd7 |
|| sb.st_nlink != 1
|
|
|
a60cd7 |
- /* kernel internal dumper checks this too: if (inode->i_uid != current->fsuid) <fail>, need to mimic? */
|
|
|
a60cd7 |
+ || sb.st_uid != fsuid
|
|
|
a60cd7 |
) {
|
|
|
a60cd7 |
if (user_core_fd < 0)
|
|
|
a60cd7 |
perror_msg("Can't open '%s'", full_core_basename);
|
|
|
a60cd7 |
else
|
|
|
a60cd7 |
- perror_msg("'%s' is not a regular file with link count 1", full_core_basename);
|
|
|
a60cd7 |
+ perror_msg("'%s' is not a regular file with link count 1 owned by UID(%d)", full_core_basename, fsuid);
|
|
|
a60cd7 |
return -1;
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
if (ftruncate(user_core_fd, 0) != 0) {
|
|
|
a60cd7 |
@@ -578,8 +587,11 @@ int main(int argc, char** argv)
|
|
|
a60cd7 |
/* use root for suided apps unless it's explicitly set to UNSAFE */
|
|
|
a60cd7 |
fsuid = 0;
|
|
|
a60cd7 |
if (suid_policy == DUMP_SUID_UNSAFE)
|
|
|
a60cd7 |
- {
|
|
|
a60cd7 |
fsuid = tmp_fsuid;
|
|
|
a60cd7 |
+ else
|
|
|
a60cd7 |
+ {
|
|
|
a60cd7 |
+ g_user_core_flags = O_EXCL;
|
|
|
a60cd7 |
+ g_need_nonrelative = 1;
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
|
|
|
a60cd7 |
--
|
|
|
a60cd7 |
1.8.3.1
|
|
|
a60cd7 |
|