authorLennart Poettering <lennart@poettering.net>2016-02-08 23:35:24 +0100
committerLennart Poettering <lennart@poettering.net>2016-02-10 16:09:24 +0100
commit888e378da2dbf4520e68a9d7e59712a3cd5a830f (patch)
treed280cb63970f5d511d208861e4faaf7427ca6161 /src
parent15a900327aba7dc4dc886affe1ae22d3b759b193 (diff)
coredump: dump priviliges when processing system coredumps
Let's add an extra safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system users. For coredumps of normal users we keep the current logic of processing the coredump as the user ID the coredump was created under. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
Diffstat (limited to 'src')
-rw-r--r--src/coredump/coredump.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 9e056436ea..085909c20c 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -569,9 +569,19 @@ static int change_uid_gid(const char *context[]) {
if (r < 0)
return r;
- r = parse_gid(context[CONTEXT_GID], &gid);
- if (r < 0)
- return r;
+ if (uid <= SYSTEM_UID_MAX) {
+ const char *user = "systemd-coredump";
+
+ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+ if (r < 0) {
+ log_warning_errno(r, "Cannot resolve %s user. Proceeding to dump core as root: %m", user);
+ uid = gid = 0;
+ }
+ } else {
+ r = parse_gid(context[CONTEXT_GID], &gid);
+ if (r < 0)
+ return r;
+ }
return drop_privileges(uid, gid, 0);
}
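Review bot: The failure branch of the `get_user_creds()` lookup fails open: when the "systemd-coredump" user cannot be resolved, `uid = gid = 0` makes the handler process the core with full root identity, which is the case this safety net is meant to avoid. For a crashing system user other than root this is also broader than what the removed lines did, since they kept the parsed uid and took the gid from `context[CONTEXT_GID]`. Consider resetting to root only when the crashing uid was already 0 (`if (uid == 0)`) and otherwise calling `parse_gid(context[CONTEXT_GID], &gid)` as before; this assumes `get_user_creds()` leaves `uid` untouched on failure, which is not visible here. At minimum the branch deserves a comment such as `/* Fail-open: core is processed as root if the dedicated user is missing */`. The start of `change_uid_gid()` is outside the hunk.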