version 1.213, 2005/12/24 19:12:23 |
version 1.213.2.1, 2006/02/18 15:39:18 |
Line 70 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 70 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <sys/sa.h> |
#include <sys/sa.h> |
#include <sys/savar.h> |
#include <sys/savar.h> |
#include <sys/exec.h> |
#include <sys/exec.h> |
|
#include <sys/sysctl.h> |
|
|
#include <sys/mount.h> |
#include <sys/mount.h> |
#include <sys/syscallargs.h> |
#include <sys/syscallargs.h> |
Line 2094 coredump(struct lwp *l, const char *patt |
|
Line 2095 coredump(struct lwp *l, const char *patt |
|
struct mount *mp; |
struct mount *mp; |
struct coredump_iostate io; |
struct coredump_iostate io; |
int error, error1; |
int error, error1; |
char name[MAXPATHLEN]; |
char *name = NULL; |
|
|
p = l->l_proc; |
p = l->l_proc; |
vm = p->p_vmspace; |
vm = p->p_vmspace; |
cred = p->p_cred->pc_ucred; |
cred = p->p_cred->pc_ucred; |
|
|
/* |
/* |
* Make sure the process has not set-id, to prevent data leaks. |
* Make sure the process has not set-id, to prevent data leaks, |
|
* unless it was specifically requested to allow set-id coredumps. |
*/ |
*/ |
if (p->p_flag & P_SUGID) |
if ((p->p_flag & P_SUGID) && !security_setidcore_dump) |
return (EPERM); |
return (EPERM); |
|
|
/* |
/* |
|
|
*/ |
*/ |
vp = p->p_cwdi->cwdi_cdir; |
vp = p->p_cwdi->cwdi_cdir; |
if (vp->v_mount == NULL || |
if (vp->v_mount == NULL || |
(vp->v_mount->mnt_flag & MNT_NOCOREDUMP) != 0) |
(vp->v_mount->mnt_flag & MNT_NOCOREDUMP) != 0) { |
return (EPERM); |
error = EPERM; |
|
goto done; |
|
} |
|
|
|
if (p->p_flag & P_SUGID && security_setidcore_dump) |
|
pattern = security_setidcore_path; |
|
|
if (pattern == NULL) |
if (pattern == NULL) |
pattern = p->p_limit->pl_corename; |
pattern = p->p_limit->pl_corename; |
if ((error = build_corename(p, name, pattern, sizeof(name))) != 0) |
if (name == NULL) { |
return error; |
name = PNBUF_GET(); |
|
} |
|
error = build_corename(p, name, pattern, MAXPATHLEN); |
|
if (error != 0) { |
|
goto done; |
|
} |
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, l); |
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, l); |
error = vn_open(&nd, O_CREAT | O_NOFOLLOW | FWRITE, S_IRUSR | S_IWUSR); |
error = vn_open(&nd, O_CREAT | O_NOFOLLOW | FWRITE, S_IRUSR | S_IWUSR); |
if (error) |
if (error) { |
return (error); |
goto done; |
|
} |
vp = nd.ni_vp; |
vp = nd.ni_vp; |
|
|
if (vn_start_write(vp, &mp, V_NOWAIT) != 0) { |
if (vn_start_write(vp, &mp, V_NOWAIT) != 0) { |
VOP_UNLOCK(vp, 0); |
VOP_UNLOCK(vp, 0); |
if ((error = vn_close(vp, FWRITE, cred, l)) != 0) |
if ((error = vn_close(vp, FWRITE, cred, l)) != 0) { |
return (error); |
goto done; |
|
} |
if ((error = vn_start_write(NULL, &mp, |
if ((error = vn_start_write(NULL, &mp, |
V_WAIT | V_SLEEPONLY | V_PCATCH)) != 0) |
V_WAIT | V_SLEEPONLY | V_PCATCH)) != 0) { |
return (error); |
goto done; |
|
} |
goto restart; |
goto restart; |
} |
} |
|
|
|
|
} |
} |
VATTR_NULL(&vattr); |
VATTR_NULL(&vattr); |
vattr.va_size = 0; |
vattr.va_size = 0; |
|
|
|
if (p->p_flag & P_SUGID && security_setidcore_dump) { |
|
vattr.va_uid = security_setidcore_owner; |
|
vattr.va_gid = security_setidcore_group; |
|
vattr.va_mode = security_setidcore_mode; |
|
} |
|
|
VOP_LEASE(vp, l, cred, LEASE_WRITE); |
VOP_LEASE(vp, l, cred, LEASE_WRITE); |
VOP_SETATTR(vp, &vattr, cred, l); |
VOP_SETATTR(vp, &vattr, cred, l); |
p->p_acflag |= ACORE; |
p->p_acflag |= ACORE; |
|
|
error1 = vn_close(vp, FWRITE, cred, l); |
error1 = vn_close(vp, FWRITE, cred, l); |
if (error == 0) |
if (error == 0) |
error = error1; |
error = error1; |
|
done: |
|
if (name != NULL) { |
|
PNBUF_PUT(name); |
|
} |
return (error); |
return (error); |
} |
} |
|
|