lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri,  2 Jul 2021 01:31:51 +0200
From:   David Oberhollenzer <david.oberhollenzer@...ma-star.at>
To:     viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     richard@...ma-star.at,
        David Oberhollenzer <david.oberhollenzer@...ma-star.at>
Subject: [PATCH] Log if a core dump is aborted due to changed file permissions

For obvious security reasons, a core dump is aborted if the
filesystem cannot preserve ownership or permissions of the
dump file.

This affects filesystems like e.g. vfat, but also something like
a 9pfs share in a Qemu test setup, running as a regular user,
depending on the security model used. In those cases, the result
is an empty core file and a confused user.

To hopefully safe other people a lot of time figuring out the
cause, this patch adds a simple log message for those specific
cases.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
---
 fs/coredump.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/coredump.c b/fs/coredump.c
index c3d8fc14b993..3e53d3e18b0e 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -782,10 +777,17 @@ void do_coredump(const kernel_siginfo_t *siginfo)
 		 * filesystem.
 		 */
 		mnt_userns = file_mnt_user_ns(cprm.file);
-		if (!uid_eq(i_uid_into_mnt(mnt_userns, inode), current_fsuid()))
+		if (!uid_eq(i_uid_into_mnt(mnt_userns, inode),
+			    current_fsuid())) {
+			pr_info_ratelimited("Core dump to |%s aborted: cannot preserve file owner\n",
+					    cn.corename);
 			goto close_fail;
-		if ((inode->i_mode & 0677) != 0600)
+		}
+		if ((inode->i_mode & 0677) != 0600) {
+			pr_info_ratelimited("Core dump to |%s aborted: cannot preserve file permissions\n",
+					    cn.corename);
 			goto close_fail;
+		}
 		if (!(cprm.file->f_mode & FMODE_CAN_WRITE))
 			goto close_fail;
 		if (do_truncate(mnt_userns, cprm.file->f_path.dentry,
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ