author | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 1998-01-09 16:33:50 +0000 |
---|---|---|
committer | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 1998-01-09 16:33:50 +0000 |
commit | 1e4adb28c7659158df5dd9c99480275327d532a3 (patch) | |
tree | 19cd331526649ef5ebb38eefdfb14952019d11ea | |
parent | cf2582baf0ff1957dea256c5c86c535b7bb84d56 (diff) |
Get rid of dumping across symlinks. Races can cause this to be problematic
from a security standpoint (i.e. arbitrary files on the FS can be wiped out).
-rw-r--r-- | sys/kern/kern_sig.c | 9 | ||||
-rw-r--r-- | sys/kern/vfs_vnops.c | 12 | ||||
-rw-r--r-- | sys/sys/fcntl.h | 8 |
3 files changed, 23 insertions, 6 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 70167fc076a..d8708bf31c0 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sig.c,v 1.23 1997/12/08 21:25:36 deraadt Exp $ */
+/* $OpenBSD: kern_sig.c,v 1.24 1998/01/09 16:33:48 csapuntz Exp $ */
 /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
 /*
@@ -1103,7 +1103,7 @@ sigexit(p, signum)
 /* NOTREACHED */
 }
-int nosuidcoredump = 1;
+int nosuidcoredump = 0;
 /*
 * Dump core, into a file named "progname.core", unless the process was
@@ -1146,7 +1146,10 @@ coredump(p)
 sprintf(name, "%s.core", p->p_comm);
 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p);
- if ((error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR)) != 0) {
+
+ error = vn_open(&nd, O_CREAT | FWRITE | FNOSYMLINK, S_IRUSR | S_IWUSR);
+
+ if (error) {
 crfree(cred);
 return (error);
 }
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 401e95a7375..9e6acaa698c 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_vnops.c,v 1.13 1997/12/10 19:44:09 deraadt Exp $ */
+/* $OpenBSD: vfs_vnops.c,v 1.14 1998/01/09 16:33:49 csapuntz Exp $ */
 /* $NetBSD: vfs_vnops.c,v 1.20 1996/02/04 02:18:41 christos Exp $ */
 /*
@@ -81,10 +81,12 @@ vn_open(ndp, fmode, cmode)
 if (fmode & O_CREAT) {
 ndp->ni_cnd.cn_nameiop = CREATE;
 ndp->ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
- if ((fmode & O_EXCL) == 0)
+ if (((fmode & O_EXCL) == 0) &&
+ ((fmode & FNOSYMLINK) == 0))
 ndp->ni_cnd.cn_flags |= FOLLOW;
 if ((error = namei(ndp)) != 0)
 return (error);
+
 if (ndp->ni_vp == NULL) {
 VATTR_NULL(&va);
 va.va_type = VREG;
@@ -108,6 +110,12 @@ vn_open(ndp, fmode, cmode)
 error = EEXIST;
 goto bad;
 }
+ if ((ndp->ni_vp->v_type == VLNK) &
+ ((fmode & FNOSYMLINK) != 0)) {
+ error = EFTYPE;
+ goto bad;
+ }
+
 fmode &= ~O_CREAT;
 }
 } else {
diff --git a/sys/sys/fcntl.h b/sys/sys/fcntl.h
index 8b72150e986..1acb5a2bb8e 100644
--- a/sys/sys/fcntl.h
+++ b/sys/sys/fcntl.h
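Review bot: The default of `nosuidcoredump` in kern_sig.c flips from 1 to 0, and the commit message, which is only about symlinks, does not explain it. If the variable gates core dumps for set-id processes, as its name and the truncated comment below it suggest, the new default lets such processes write their memory image to disk again, and refusing symlinks says nothing about what the dump contains or who can read it. Either keep `int nosuidcoredump = 1;` or document the choice next to the definition, e.g. `/* 0 = set-id processes may dump core; relies on coredump() refusing symlinks */`. The code that reads the variable is outside this hunk.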
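Review bot: The call site in coredump() does not say why FNOSYMLINK is needed when the `NDINIT` line just above already passes `NOFOLLOW`. The vn_open() hunk of this commit shows the O_CREAT path assigning `cn_flags = LOCKPARENT | LOCKLEAF` and then adding `FOLLOW` unless O_EXCL or FNOSYMLINK is set, so the flag given to NDINIT is overwritten. A comment above the call, such as `/* vn_open() resets cn_flags for O_CREAT; FNOSYMLINK stops it following a symlink at "name" */`, would keep a later cleanup from dropping the flag as redundant. coredump()'s body continues outside the hunk.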
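Review bot: FNOSYMLINK is consulted only inside the `if (fmode & O_CREAT)` branch of vn_open(); the non-create branch begins at the `} else {` visible at the end of the following hunk and its body is outside this diff. If that path sets FOLLOW on its own (not visible here), a caller that passes FNOSYMLINK without O_CREAT gets the flag silently ignored. Either apply the same test on that path or state the restriction where the flag is defined, e.g. `/* honoured only together with O_CREAT */`.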
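Review bot: The new symlink test in vn_open() joins its two conditions with bitwise `&` instead of logical `&&`. Both operands are comparison results, so the outcome is the same today, but the FOLLOW test added in the previous hunk uses `&&` and the two should agree: `if (ndp->ni_vp->v_type == VLNK && (fmode & FNOSYMLINK) != 0) {`. The `bad` label is outside the hunk, so the cleanup for this early exit is assumed to match the EEXIST case directly above it.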
@@ -1,4 +1,4 @@
-/* $OpenBSD: fcntl.h,v 1.4 1997/10/24 09:04:24 deraadt Exp $ */
+/* $OpenBSD: fcntl.h,v 1.5 1998/01/09 16:33:47 csapuntz Exp $ */
 /* $NetBSD: fcntl.h,v 1.8 1995/03/26 20:24:12 jtc Exp $ */
 /*-
@@ -94,6 +94,12 @@
 #define FMARK 0x1000 /* mark during gc() */
 #define FDEFER 0x2000 /* defer for next gc pass */
 #define FHASLOCK 0x4000 /* descriptor holds advisory lock */
+
+/* Note: The below is not a flag that can be used in the struct file.
+ It's an option that can be passed to vn_open to make sure it doesn't
+ follow a symlink on the last lookup */
+#define FNOSYMLINK 0x10000 /* Don't follow symlink for last
+ component */
 #endif
 /* defined by POSIX 1003.1; BSD default, this bit is not required */ |
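Review bot: FNOSYMLINK takes bit 0x10000 in the same integer that carries the O_* open flags into vn_open(), and nothing in this hunk shows that the bit is clear of every O_* value or stripped before the mode reaches a struct file. The added comment says the flag must not be used in struct file, but that holds only if the mask applied on the open path, which is outside this diff, excludes it. Consider extending the comment to `/* vn_open()-only option; must not overlap any O_* value and must never be stored in f_flag */` and confirming the mask.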