diff options
author | Kevin Hilman <khilman@linaro.org> | 2015-10-13 16:30:38 -0700 |
---|---|---|
committer | Kevin Hilman <khilman@linaro.org> | 2015-10-13 16:30:38 -0700 |
commit | 575afa2b6b9b628766618f3da6c7289ab32f5661 (patch) | |
tree | d4a23ddffc524e15b9a68b1aefa44da967fe7dd8 /fs/coredump.c | |
parent | c765e5c15e7d23d2b8b37fafdafc63c0ea75fabf (diff) | |
parent | 1230ae0e99e05ced8a945a1a2c5762ce5c6c97c9 (diff) |
Merge tag 'v3.14.54' of git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable into linux-linaro-lsk-v3.14lsk-v3.14-15.10
This is the 3.14.54 stable release
* tag 'v3.14.54' of git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable: (115 commits)
Linux 3.14.54
NVMe: Initialize device reference count earlier
udf: Check length of extended attributes and allocation descriptors
x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection
x86/nmi/64: Reorder nested NMI checks
x86/nmi/64: Improve nested NMI comments
x86/nmi/64: Switch stacks on userspace NMI entry
x86/nmi/64: Remove asm code that saves CR2
x86/nmi: Enable nested do_nmi() handling for 64-bit kernels
Revert "iio: bmg160: IIO_BUFFER and IIO_TRIGGERED_BUFFER are required"
net: gso: use feature flag argument in all protocol gso handlers
bna: fix interrupts storm caused by erroneous packets
udp: fix dst races with multicast early demux
rds: fix an integer overflow test in rds_info_getsockopt()
packet: missing dev_put() in packet_do_bind()
fib_rules: fix fib rule dumps across multiple skbs
openvswitch: Zero flows on allocation.
sctp: fix race on protocol/netns initialization
netlink, mmap: transform mmap skb into full skb on taps
net/ipv6: Correct PIM6 mrt_lock handling
...
Diffstat (limited to 'fs/coredump.c')
-rw-r--r-- | fs/coredump.c | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/fs/coredump.c b/fs/coredump.c index a93f7e6ea4cf..72f97a56966f 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -498,10 +498,10 @@ void do_coredump(const siginfo_t *siginfo) const struct cred *old_cred; struct cred *cred; int retval = 0; - int flag = 0; int ispipe; struct files_struct *displaced; - bool need_nonrelative = false; + /* require nonrelative corefile path and be extra careful */ + bool need_suid_safe = false; bool core_dumped = false; static atomic_t core_dump_count = ATOMIC_INIT(0); struct coredump_params cprm = { @@ -535,9 +535,8 @@ void do_coredump(const siginfo_t *siginfo) */ if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) { /* Setuid core dump mode */ - flag = O_EXCL; /* Stop rewrite attacks */ cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ - need_nonrelative = true; + need_suid_safe = true; } retval = coredump_wait(siginfo->si_signo, &core_state); @@ -618,7 +617,7 @@ void do_coredump(const siginfo_t *siginfo) if (cprm.limit < binfmt->min_coredump) goto fail_unlock; - if (need_nonrelative && cn.corename[0] != '/') { + if (need_suid_safe && cn.corename[0] != '/') { printk(KERN_WARNING "Pid %d(%s) can only dump core "\ "to fully qualified path!\n", task_tgid_vnr(current), current->comm); @@ -626,8 +625,35 @@ void do_coredump(const siginfo_t *siginfo) goto fail_unlock; } + /* + * Unlink the file if it exists unless this is a SUID + * binary - in that case, we're running around with root + * privs and don't want to unlink another user's coredump. + */ + if (!need_suid_safe) { + mm_segment_t old_fs; + + old_fs = get_fs(); + set_fs(KERNEL_DS); + /* + * If it doesn't exist, that's fine. If there's some + * other problem, we'll catch it at the filp_open(). + */ + (void) sys_unlink((const char __user *)cn.corename); + set_fs(old_fs); + } + + /* + * There is a race between unlinking and creating the + * file, but if that causes an EEXIST here, that's + * fine - another process raced with us while creating + * the corefile, and the other process won. To userspace, + * what matters is that at least one of the two processes + * writes its coredump successfully, not which one. + */ cprm.file = filp_open(cn.corename, - O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag, + O_CREAT | 2 | O_NOFOLLOW | + O_LARGEFILE | O_EXCL, 0600); if (IS_ERR(cprm.file)) goto fail_unlock; |