From af945ff58a698ce00c45059a05994ef53a13e192 Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Fri, 17 Apr 2015 14:36:45 +0200 Subject: [ABRT PATCH] ccpp: do not override existing files by compat cores Implement all checks used in kernel's do_coredump() and require non-relative path if suid_dumpable is 2. Related: #1212818 Signed-off-by: Jakub Filak --- src/hooks/abrt-hook-ccpp.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c index 85e0d35..82ff555 100644 --- a/src/hooks/abrt-hook-ccpp.c +++ b/src/hooks/abrt-hook-ccpp.c @@ -24,6 +24,8 @@ #define DUMP_SUID_UNSAFE 1 #define DUMP_SUID_SAFE 2 +static int g_user_core_flags; +static int g_need_nonrelative; /* I want to use -Werror, but gcc-4.4 throws a curveball: * "warning: ignoring return value of 'ftruncate', declared with attribute warn_unused_result" @@ -337,7 +339,14 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu full_core_basename = core_basename; if (core_basename[0] != '/') + { + if (g_need_nonrelative) + { + error_msg("Current suid_dumpable policy prevents from saving core dumps according to relative core_pattern"); + return -1; + } core_basename = concat_path_file(user_pwd, core_basename); + } /* Open (create) compat core file. * man core: @@ -372,19 +381,19 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu struct stat sb; errno = 0; /* Do not O_TRUNC: if later checks fail, we do not want to have file already modified here */ - int user_core_fd = open(core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600); /* kernel makes 0600 too */ + int user_core_fd = open(core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */ xsetegid(0); xseteuid(0); if (user_core_fd < 0 || fstat(user_core_fd, &sb) != 0 || !S_ISREG(sb.st_mode) || sb.st_nlink != 1 - /* kernel internal dumper checks this too: if (inode->i_uid != current->fsuid) , need to mimic? */ + || sb.st_uid != fsuid ) { if (user_core_fd < 0) perror_msg("Can't open '%s'", full_core_basename); else - perror_msg("'%s' is not a regular file with link count 1", full_core_basename); + perror_msg("'%s' is not a regular file with link count 1 owned by UID(%d)", full_core_basename, fsuid); return -1; } if (ftruncate(user_core_fd, 0) != 0) { @@ -578,8 +587,11 @@ int main(int argc, char** argv) /* use root for suided apps unless it's explicitly set to UNSAFE */ fsuid = 0; if (suid_policy == DUMP_SUID_UNSAFE) - { fsuid = tmp_fsuid; + else + { + g_user_core_flags = O_EXCL; + g_need_nonrelative = 1; } } -- 1.8.3.1