From nobody@FreeBSD.org  Sun Jul 11 02:25:55 2004
Message-Id: <200407110225.i6B2Ps2x085130@www.freebsd.org>
Date: Sun, 11 Jul 2004 02:25:54 GMT
From: blake frantz <trew@hick.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: core dump ownership issue
X-Send-Pr-Version: www-2.3
X-GNATS-Notify: volker@vwsoft.com

>Number:         68905
>Category:       kern
>Synopsis:       [patch] core dumps are assigned wrong ownership
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    secteam
>State:          analyzed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 11 02:30:12 GMT 2004
>Closed-Date:    
>Last-Modified:  Sun Feb 17 08:08:24 UTC 2008
>Originator:     blake frantz
>Release:        4.9-RC FreeBSD 4.9-RC
>Organization:
none
>Environment:
FreeBSD sbin.nologin.org 4.9-RC FreeBSD 4.9-RC #0: Thu Oct 16 21:45:02 PDT 2003     root@sbin.nologin.org:/usr/src/sys/compile/NOLOGIN  i386

>Description:
If a core file owned by a non-root user exists and root runs a process
that drops core in the same location, the original core file owned by
the non-root user is replaced with root's core dump, except the original
owner maintains ownership of the core.  Linux 2.4, 2.6, and obsd operate
in the same manner.  I have not tested other platforms.

I do understand that there are mitigating factors, such as configuring
where and how cores are created, but this doesn't seem right.


>How-To-Repeat:
trew:~/tmp/q$ ./t
Segmentation fault (core dumped)
trew:~/tmp/q$ md5sum core
90b29a1012aa00c34a18947d98f1b1fb  core
trew:~/tmp/q$ ls -l core
-rw-------    1 trew     users       61440 Jul 10 19:13 core
trew:~/tmp/q$ su
Password:
root:/home/trew/tmp/q# ./t
Segmentation fault (core dumped)
root:/home/trew/tmp/q# md5sum core
371c0748df009ed1da6f189cceff8aca  core
root:/home/trew/tmp/q# ls -l core
-rw-------    1 trew     users       61440 Jul 10 19:13 core

>Fix:
      
>Release-Note:
>Audit-Trail:

From: Volker <volker@vwsoft.com>
To: bug-followup@FreeBSD.org, trew@hick.org
Cc:  
Subject: Re: kern/68905: core dumps are assigned wrong ownership
Date: Fri, 15 Feb 2008 19:48:06 +0100

 Blake,
 
 I just found your PR has never been touched by anybody. I'm sorry nobody
 ever answered this.
 
 If root touches any file that already existed before, the file
 owner does not change. This is also the case when using `su' to get
 superuser rights.
 
 In your case, the file core has been created by user 'trew' and while
 root also writes to that file, it doesn't change file ownership.
 
 I'm seeing this as 'by design' and not a bug. Do you agree to have your
 PR closed?
 
 Thanks!
 
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Fri Feb 15 22:21:40 UTC 2008 
State-Changed-Why:  
Note that submitter has been asked for feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=68905 

From: Volker <volker@vwsoft.com>
To: bug-followup@FreeBSD.org, trew@hick.org
Cc:  
Subject: Re: kern/68905: core dumps are assigned wrong ownership
Date: Sat, 16 Feb 2008 00:49:45 +0100

 Sometimes it's good to have more than two eyes looking at something...
 
 antoine@ pointed out that this has already been figured out to be an
 issue in the Linux kernel. I hadn't seen that fact in the first place
 but have checked current kernel sources and figured out that this really
 is an issue. secteam@ has been contacted.
 
 Blake, thanks for bringing this to attention, even though it hasn't been
 noticed for a long time!
State-Changed-From-To: feedback->analyzed 
State-Changed-By: linimon 
State-Changed-When: Sat Feb 16 00:56:44 UTC 2008 
State-Changed-Why:  
Being looked at by Volker Werth. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=68905 

From: Antoine Brodin <antoine@FreeBSD.org>
To: bug-followup@FreeBSD.org, trew@hick.org
Cc:  
Subject: Re: kern/68905: core dumps are assigned wrong ownership
Date: Sat, 16 Feb 2008 14:44:19 +0100

 Here is a patch, not much tested and obtained from OpenBSD.
 
 Index: kern_sig.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/kern/kern_sig.c,v
 retrieving revision 1.355
 diff -u -p -r1.355 kern_sig.c
 --- kern_sig.c	13 Jan 2008 14:44:09 -0000	1.355
 +++ kern_sig.c	14 Jan 2008 13:32:06 -0000
 @@ -3110,9 +3110,14 @@ restart:
  	NDFREE(&nd, NDF_ONLY_PNBUF);
  	vp = nd.ni_vp;
  
 -	/* Don't dump to non-regular files or files with links. */
 +	/*
 +	 * Don't dump to non-regular files, files with links or files
 +	 * owned by someone else.
 +	 */
  	if (vp->v_type != VREG ||
 -	    VOP_GETATTR(vp, &vattr, cred, td) || vattr.va_nlink != 1) {
 +	    VOP_GETATTR(vp, &vattr, cred, td) || vattr.va_nlink != 1 ||
 +	    vattr.va_mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH) ||
 +	    vattr.va_uid != cred->cr_uid) {
  		VOP_UNLOCK(vp, 0);
  		error = EFAULT;
  		goto close;
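
Review bot: the new comment says "files owned by someone else", but the added condition also rejects any existing file that has a group or other read/write bit set (the vattr.va_mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH) line), and the comment does not mention that; document the mode test or drop it. Both added tests look only at va_mode and va_uid, and a file that fails them takes the existing error = EFAULT / goto close path, so no dump is written and the error value does not distinguish an ownership refusal from the non-regular-file and link-count cases. Writing the mode test as (vattr.va_mode & (...)) != 0 would also make its precedence against the surrounding || explicit.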
 
 

From: Antoine Brodin <antoine@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/68905: core dumps are assigned wrong ownership
Date: Sat, 16 Feb 2008 15:20:18 +0100

 Replying to myself, this patch is probably wrong when ACLs are used...

From: Volker <volker@vwsoft.com>
To: bug-followup@FreeBSD.org, Antoine Brodin <antoine@FreeBSD.org>
Cc:  
Subject: Re: kern/68905: [patch] core dumps are assigned wrong ownership
Date: Sat, 16 Feb 2008 19:57:02 +0100

 Antoine,
 
 as I noted in an internal message to secteam, I think the correct
 solution is to just unlink a previously existing core dump and then
 proceed as usual.
Responsible-Changed-From-To: freebsd-bugs->secteam 
Responsible-Changed-By: remko 
Responsible-Changed-When: Sun Feb 17 08:08:07 UTC 2008 
Responsible-Changed-Why:  
reassign to secteam. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=68905 
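
Added example (not part of the PR, the posted patch or the FreeBSD source): a userspace C analogue of the approach suggested in the last follow-up, unlinking an existing core before writing, combined with the attribute checks from the posted patch. The names open_dump_fresh() and demo() are hypothetical, and the demo works on a constructed temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added illustration, hypothetical userspace helper (not kernel code). */
int open_dump_fresh(const char *path)
{
	struct stat st;
	int fd;
	/* Drop the old name; if that fails, O_EXCL below refuses to reuse it. */
	(void)unlink(path);
	/* O_EXCL refuses a file recreated in the gap, O_NOFOLLOW a symlink. */
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
	/* The properties the patch tests, checked on the open descriptor. */
	if (fd != -1 && (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) ||
	    st.st_nlink != 1 || st.st_uid != geteuid() ||
	    (st.st_mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)) != 0)) {
		close(fd);
		return (-1);
	}
	return (fd);
}

/* Constructed demo: "core" pre-exists with a second hard link "keep". */
int demo(void)
{
	char dir[] = "/tmp/coredemoXXXXXX", buf[3];
	struct stat st;
	int fd, ok;
	if (mkdtemp(dir) == NULL || chdir(dir) == -1)
		return (-1);
	fd = open("core", O_WRONLY | O_CREAT, 0644);
	if (fd == -1 || write(fd, "old", 3) != 3 || close(fd) == -1 ||
	    link("core", "keep") == -1 || (fd = open_dump_fresh("core")) == -1)
		return (-1);
	ok = write(fd, "new", 3) == 3 && fstat(fd, &st) == 0 &&
	    st.st_uid == geteuid() && (st.st_mode & 0777) == 0600;
	close(fd);
	fd = open("keep", O_RDONLY);	/* old inode must still hold "old" */
	ok = ok && read(fd, buf, 3) == 3 && memcmp(buf, "old", 3) == 0;
	close(fd);
	unlink("core"); unlink("keep"); rmdir(dir);
	return (ok ? 0 : 1);
}
int main(void) { return (demo()); }
```

demo() returns 0 when the pre-existing inode, still reachable through "keep", keeps its old contents and the new "core" is a mode 0600 file owned by the writing process.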
>Unformatted:
