diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-07-27 18:22:38 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-07-27 18:22:38 +0000 |
| commit | 9b6863d94dc7e2fcbe81bf3f30df8f1e2f5f1385 (patch) | |
| tree | cc8c58e0e074cf7791e4b1876aa010f66bcd662b | |
| parent | 7c13808b4f009a97b014e864f2a76e7f464764fa (diff) | |
Rather than disabling tame to coredump, leave it enabled but flag that
a coredump is happening. This improves behaviour while threaded.
ok semarie
| -rw-r--r-- | sys/kern/kern_sig.c | 4 | ||||
| -rw-r--r-- | sys/kern/kern_tame.c | 5 | ||||
| -rw-r--r-- | sys/sys/proc.h | 3 |
3 files changed, 8 insertions, 4 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 7dd32e3049c..8afc60219ee 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.182 2015/07/20 00:19:14 beck Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.183 2015/07/27 18:22:37 deraadt Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -1421,7 +1421,6 @@ sigexit(struct proc *p, int signum) TAILQ_NEXT(p, p_thr_link) != NULL) single_thread_set(p, SINGLE_SUSPEND, 0); - atomic_clearbits_int(&p->p_p->ps_flags, PS_TAMED); if (coredump(p) == 0) signum |= WCOREFLAG; } @@ -1518,6 +1517,7 @@ coredump(struct proc *p) cred->cr_gid = 0; } + p->p_tamenote = TMN_COREDUMP; NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c index 6d601a25d3f..bfe9f3c73d5 100644 --- a/sys/kern/kern_tame.c +++ b/sys/kern/kern_tame.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_tame.c,v 1.15 2015/07/27 15:02:36 semarie Exp $ */ +/* $OpenBSD: kern_tame.c,v 1.16 2015/07/27 18:22:37 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -271,6 +271,9 @@ tame_namei(struct proc *p, char *origpath) { char path[PATH_MAX]; + if (p->p_tamenote == TMN_COREDUMP) + return (0); /* Allow a coredump */ + if (canonpath(origpath, path, sizeof(path)) != 0) return (tame_fail(p, EPERM, TAME_RPATH)); diff --git a/sys/sys/proc.h b/sys/sys/proc.h index f9473228bf8..dab3840a45c 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.202 2015/07/20 00:56:10 guenther Exp $ */ +/* $OpenBSD: proc.h,v 1.203 2015/07/27 18:22:37 deraadt Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -331,6 +331,7 @@ struct proc { #define TMN_IMODIFY 0x00000004 #define TMN_YPLOCK 0x00000008 #define TMN_DNSRESOLV 0x00000010 +#define TMN_COREDUMP 0x00000020 int p_tameafter; #ifndef __HAVE_MD_TCB |