diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-01-14 03:37:32 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-01-14 03:37:32 +0100 |
commit | fee80f695687ab3bfb0590e73d6d97a8a19787cd (patch) | |
tree | 89de74a7529e8432440b6402d9cd419c71cded35 | |
parent | e6acda19b26e5a8e490b48b15e2ba33d9103b3bd (diff) |
journal: drop privileges when storing coredump
-rw-r--r-- | src/journal/coredump.c | 57 |
1 files changed, 41 insertions, 16 deletions
diff --git a/src/journal/coredump.c b/src/journal/coredump.c index bbec550784..6b8809972d 100644 --- a/src/journal/coredump.c +++ b/src/journal/coredump.c @@ -45,6 +45,8 @@ int main(int argc, char* argv[]) { char *p = NULL; ssize_t n; pid_t pid; + uid_t uid; + gid_t gid; struct iovec iovec[14]; char *core_pid = NULL, *core_uid = NULL, *core_gid = NULL, *core_signal = NULL, *core_timestamp = NULL, *core_comm = NULL, *core_exe = NULL, *core_unit = NULL, @@ -63,31 +65,21 @@ int main(int argc, char* argv[]) { r = parse_pid(argv[ARG_PID], &pid); if (r < 0) { log_error("Failed to parse PID."); - r = -EINVAL; goto finish; } - p = malloc(9 + COREDUMP_MAX); - if (!p) { - log_error("Out of memory"); - r = -ENOMEM; + r = parse_uid(argv[ARG_UID], &uid); + if (r < 0) { + log_error("Failed to parse UID."); goto finish; } - memcpy(p, "COREDUMP=", 9); - - n = loop_read(STDIN_FILENO, p + 9, COREDUMP_MAX, false); - if (n < 0) { - log_error("Failed to read core dump data: %s", strerror(-n)); - r = (int) n; + r = parse_gid(argv[ARG_GID], &gid); + if (r < 0) { + log_error("Failed to parse GID."); goto finish; } - zero(iovec); - iovec[j].iov_base = p; - iovec[j].iov_len = 9 + n; - j++; - core_pid = strappend("COREDUMP_PID=", argv[ARG_PID]); if (core_pid) IOVEC_SET_STRING(iovec[j++], core_pid); @@ -151,6 +143,39 @@ int main(int argc, char* argv[]) { if (core_message) IOVEC_SET_STRING(iovec[j++], core_message); + /* Now, let's drop privileges to become the user who owns the + * segfaulted process and allocate the coredump memory under + * his uid. This also ensures that the credentials journald + * will see are the ones of the coredumping user, thus making + * sure the user himself gets access to the core dump. */ + + if (setresgid(gid, gid, gid) < 0 || + setresuid(uid, uid, uid) < 0) { + log_error("Failed to drop privileges: %m"); + r = -errno; + goto finish; + } + + p = malloc(9 + COREDUMP_MAX); + if (!p) { + log_error("Out of memory"); + r = -ENOMEM; + goto finish; + } + + memcpy(p, "COREDUMP=", 9); + + n = loop_read(STDIN_FILENO, p + 9, COREDUMP_MAX, false); + if (n < 0) { + log_error("Failed to read core dump data: %s", strerror(-n)); + r = (int) n; + goto finish; + } + + iovec[j].iov_base = p; + iovec[j].iov_len = 9 + n; + j++; + r = sd_journal_sendv(iovec, j); if (r < 0) log_error("Failed to send coredump: %s", strerror(-r)); |