Re: [PATCH] coredump - as root not only if euid switched

[Linus Torvalds]

On Thu, 22 Apr 2004, Peter Wächtler wrote:
>
> > hm, OK.  There's a window in which someone can come in and recreate the
> > file, but the open is using O_EXCL|O_CREATE so that seems safe enough.
> 
> So here is the updated patch with an open coded call to sys_unlink

Aughr. 

Wouldn't it be much nicer to just refuse to overwrite files owned by 
anybody else?

In other words, I'd much rather see a patch that is a much simpler one, 
which just says: if we opened an existing file, we won't touch it if we 
weren't the owners of it.

That should be safe for root _and_ it should be safe for people who 
already had a file descriptor open previously (hey, if the previous 
root-owned core-file was world readable, then what else is new?)

Tell me why this isn't simpler?

		Linus

---
--- 1.111/fs/exec.c	Wed Apr 21 02:11:57 2004
+++ edited/fs/exec.c	Thu Apr 22 13:03:27 2004
@@ -1378,6 +1378,8 @@
 	inode = file->f_dentry->d_inode;
 	if (inode->i_nlink > 1)
 		goto close_fail;	/* multiple links - don't dump */
+	if (inode->i_uid != current->euid || inode->i_gid != current->egid)
+		goto close_fail;
 	if (d_unhashed(file->f_dentry))
 		goto close_fail;
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/