diff options
| author | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 1998-01-09 16:33:50 +0000 |
|---|---|---|
| committer | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 1998-01-09 16:33:50 +0000 |
| commit | 1e4adb28c7659158df5dd9c99480275327d532a3 (patch) | |
| tree | 19cd331526649ef5ebb38eefdfb14952019d11ea /sys/kern/kern_sig.c | |
| parent | cf2582baf0ff1957dea256c5c86c535b7bb84d56 (diff) | |
Get rid of dumping across symlinks. Races can cause this to be problematic
from a security standpoint (i.e. arbitrary files on the FS can be wiped out).
Diffstat (limited to 'sys/kern/kern_sig.c')
| -rw-r--r-- | sys/kern/kern_sig.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 70167fc076a..d8708bf31c0 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.23 1997/12/08 21:25:36 deraadt Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.24 1998/01/09 16:33:48 csapuntz Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -1103,7 +1103,7 @@ sigexit(p, signum) /* NOTREACHED */ } -int nosuidcoredump = 1; +int nosuidcoredump = 0; /* * Dump core, into a file named "progname.core", unless the process was @@ -1146,7 +1146,10 @@ coredump(p) sprintf(name, "%s.core", p->p_comm); NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); - if ((error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR)) != 0) { + + error = vn_open(&nd, O_CREAT | FWRITE | FNOSYMLINK, S_IRUSR | S_IWUSR); + + if (error) { crfree(cred); return (error); } |