[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210701233151.102720-1-david.oberhollenzer@sigma-star.at>
Date: Fri, 2 Jul 2021 01:31:51 +0200
From: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
To: viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: richard@...ma-star.at,
David Oberhollenzer <david.oberhollenzer@...ma-star.at>
Subject: [PATCH] Log if a core dump is aborted due to changed file permissions
For obvious security reasons, a core dump is aborted if the
filesystem cannot preserve ownership or permissions of the
dump file.
This affects filesystems like e.g. vfat, but also something like
a 9pfs share in a Qemu test setup, running as a regular user,
depending on the security model used. In those cases, the result
is an empty core file and a confused user.
To hopefully safe other people a lot of time figuring out the
cause, this patch adds a simple log message for those specific
cases.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
---
fs/coredump.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index c3d8fc14b993..3e53d3e18b0e 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -782,10 +777,17 @@ void do_coredump(const kernel_siginfo_t *siginfo)
* filesystem.
*/
mnt_userns = file_mnt_user_ns(cprm.file);
- if (!uid_eq(i_uid_into_mnt(mnt_userns, inode), current_fsuid()))
+ if (!uid_eq(i_uid_into_mnt(mnt_userns, inode),
+ current_fsuid())) {
+ pr_info_ratelimited("Core dump to |%s aborted: cannot preserve file owner\n",
+ cn.corename);
goto close_fail;
- if ((inode->i_mode & 0677) != 0600)
+ }
+ if ((inode->i_mode & 0677) != 0600) {
+ pr_info_ratelimited("Core dump to |%s aborted: cannot preserve file permissions\n",
+ cn.corename);
goto close_fail;
+ }
if (!(cprm.file->f_mode & FMODE_CAN_WRITE))
goto close_fail;
if (do_truncate(mnt_userns, cprm.file->f_path.dentry,
--
2.31.1
Powered by blists - more mailing lists