shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Code

coredump: drop caps while we are processing the coredump

Browse Source 
https://bugs.freedesktop.org/show_bug.cgi?id=87354
This commit is contained in:
Lennart Poettering 2015-01-29 02:47:29 +01:00
parent 9e8abdf0d9
commit f11943c53e
2 changed files with 27 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/journal/coredump.c
View File

@ -31,9 +31,8 @@
# include <elfutils/libdwfl.h>
#endif
#include "systemd/sd-journal.h"
#include "systemd/sd-login.h"
#include "sd-journal.h"
#include "sd-login.h"
#include "log.h"
#include "util.h"
#include "fileio.h"
@ -42,14 +41,15 @@
#include "mkdir.h"
#include "special.h"
#include "cgroup-util.h"
#include "journald-native.h"
#include "conf-parser.h"
#include "copy.h"
#include "stacktrace.h"
#include "path-util.h"
#include "compress.h"
#include "coredump-vacuum.h"
#include "acl-util.h"
#include "capability.h"
#include "journald-native.h"
#include "coredump-vacuum.h"
/* The maximum size up to which we process coredumps */
#define PROCESS_SIZE_MAX ((off_t) (2LLU*1024LLU*1024LLU*1024LLU))
@ -810,11 +810,12 @@ int main(int argc, char* argv[]) {
* segfaulted process and allocate the coredump memory under
* the user's uid. This also ensures that the credentials
* journald will see are the ones of the coredumping user,
* thus making sure the user gets access to the core dump. */
if (setresgid(gid, gid, gid) < 0 ||
setresuid(uid, uid, uid) < 0) {
log_error_errno(errno, "Failed to drop privileges: %m");
r = -errno;
* thus making sure the user gets access to the core
* dump. Let's also get rid of all capabilities, if we run as
* root, we won't need them anymore. */
r = drop_privileges(uid, gid, 0);
if (r < 0) {
log_error_errno(r, "Failed to drop privileges: %m");
goto finish;
}

16
src/shared/capability.c
View File

@ -230,8 +230,9 @@ int capability_bounding_set_drop_usermode(uint64_t drop) {
}
int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
cap_value_t bits[sizeof(keep_capabilities)*8];
_cleanup_cap_free_ cap_t d = NULL;
unsigned i, j = 0;
int r;
/* Unfortunately we cannot leave privilege dropping to PID 1
@ -247,7 +248,8 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
if (setgroups(0, NULL) < 0)
return log_error_errno(errno, "Failed to drop auxiliary groups list: %m");
if (prctl(PR_SET_KEEPCAPS, 1) < 0)
/* Ensure we keep the permitted caps across the setresuid(), if we need them */
if (prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) < 0)
return log_error_errno(errno, "Failed to enable keep capabilities flag: %m");
r = setresuid(uid, uid, uid);
@ -257,18 +259,19 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
if (prctl(PR_SET_KEEPCAPS, 0) < 0)
return log_error_errno(errno, "Failed to disable keep capabilities flag: %m");
/* Drop all caps from the bounding set, except the ones we want */
r = capability_bounding_set_drop(~keep_capabilities, true);
if (r < 0)
return log_error_errno(r, "Failed to drop capabilities: %m");
if (keep_capabilities == 0) /* All is gone, we can exit early */
return 0;
/* Now upgrade the permitted caps we still kept to effective caps */
d = cap_init();
if (!d)
return log_oom();
if (keep_capabilities) {
cap_value_t bits[sizeof(keep_capabilities)*8];
unsigned i, j = 0;
for (i = 0; i < sizeof(keep_capabilities)*8; i++)
if (keep_capabilities & (1ULL << i))
bits[j++] = i;
@ -278,7 +281,6 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
log_error_errno(errno, "Failed to enable capabilities bits: %m");
return -errno;
}
}
if (cap_set_proc(d) < 0)
return log_error_errno(errno, "Failed to increase capabilities: %m");