lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 02 Aug 2021 20:47:01 +0000
From:   David Oberhollenzer <david.oberhollenzer@...ma-star.at>
To:     viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     richard@...ma-star.at, Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] Log if a core dump is aborted due to changed file permissions

Friendly ping :-)

On 7/2/21 1:31 AM, David Oberhollenzer wrote:
> For obvious security reasons, a core dump is aborted if the
> filesystem cannot preserve ownership or permissions of the
> dump file.
>
> This affects filesystems like e.g. vfat, but also something like
> a 9pfs share in a Qemu test setup, running as a regular user,
> depending on the security model used. In those cases, the result
> is an empty core file and a confused user.
>
> To hopefully safe other people a lot of time figuring out the
> cause, this patch adds a simple log message for those specific
> cases.
>
> Signed-off-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
> ---
>   fs/coredump.c | 13 +++++++++++--
>   1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/fs/coredump.c b/fs/coredump.c
> index c3d8fc14b993..3e53d3e18b0e 100644
> --- a/fs/coredump.c
> +++ b/fs/coredump.c
> @@ -782,10 +777,17 @@ void do_coredump(const kernel_siginfo_t *siginfo)
>   		 * filesystem.
>   		 */
>   		mnt_userns = file_mnt_user_ns(cprm.file);
> -		if (!uid_eq(i_uid_into_mnt(mnt_userns, inode), current_fsuid()))
> +		if (!uid_eq(i_uid_into_mnt(mnt_userns, inode),
> +			    current_fsuid())) {
> +			pr_info_ratelimited("Core dump to |%s aborted: cannot preserve file owner\n",
> +					    cn.corename);
>   			goto close_fail;
> -		if ((inode->i_mode & 0677) != 0600)
> +		}
> +		if ((inode->i_mode & 0677) != 0600) {
> +			pr_info_ratelimited("Core dump to |%s aborted: cannot preserve file permissions\n",
> +					    cn.corename);
>   			goto close_fail;
> +		}
>   		if (!(cprm.file->f_mode & FMODE_CAN_WRITE))
>   			goto close_fail;
>   		if (do_truncate(mnt_userns, cprm.file->f_path.dentry,
> --
> 2.31.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ