[thirdparty/kernel/stable-queue.git] / releases / 2.6.27.46 / coredump-suppress-uid-comparison-test-if-core-output-files-are-pipes.patch

From 76595f79d76fbe6267a51b3a866a028d150f06d4 Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@tuxdriver.com>
Date: Fri, 5 Mar 2010 13:44:16 -0800
Subject: coredump: suppress uid comparison test if core output files are pipes

From: Neil Horman <nhorman@tuxdriver.com>

commit 76595f79d76fbe6267a51b3a866a028d150f06d4 upstream.

Modify uid check in do_coredump so as to not apply it in the case of
pipes.

This just got noticed in testing.  The end of do_coredump validates the
uid of the inode for the created file against the uid of the crashing
process to ensure that no one can pre-create a core file with different
ownership and grab the information contained in the core when they
shouldn' tbe able to.  This causes failures when using pipes for a core
dumps if the crashing process is not root, which is the uid of the pipe
when it is created.

The fix is simple.  Since the check for matching uid's isn't relevant for
pipes (a process can't create a pipe that the uermodehelper code will open
anyway), we can just just skip it in the event ispipe is non-zero

Reverts a pipe-affecting change which was accidentally made in

: commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
: Author:     Ingo Molnar <mingo@elte.hu>
: AuthorDate: Wed Nov 28 13:59:18 2007 +0100
: Commit:     Linus Torvalds <torvalds@woody.linux-foundation.org>
: CommitDate: Wed Nov 28 10:58:01 2007 -0800
:
:     vfs: coredumping fix

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: maximilian attems <max@stro.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/exec.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1826,8 +1826,9 @@ int do_coredump(long signr, int exit_cod
 	/*
 	 * Dont allow local users get cute and trick others to coredump
 	 * into their pre-created files:
+	 * Note, this is not relevant for pipes
 	 */
-	if (inode->i_uid != current->fsuid)
+	if (!ispipe && (inode->i_uid != current->fsuid))
 		goto close_fail;
 	if (!file->f_op)
 		goto close_fail;
Commit	Line	Data
d9fdd6fb GKH	1	From 76595f79d76fbe6267a51b3a866a028d150f06d4 Mon Sep 17 00:00:00 2001
	2	From: Neil Horman <nhorman@tuxdriver.com>
	3	Date: Fri, 5 Mar 2010 13:44:16 -0800
	4	Subject: coredump: suppress uid comparison test if core output files are pipes
	5
	6	From: Neil Horman <nhorman@tuxdriver.com>
	7
	8	commit 76595f79d76fbe6267a51b3a866a028d150f06d4 upstream.
	9
	10	Modify uid check in do_coredump so as to not apply it in the case of
	11	pipes.
	12
	13	This just got noticed in testing. The end of do_coredump validates the
	14	uid of the inode for the created file against the uid of the crashing
	15	process to ensure that no one can pre-create a core file with different
	16	ownership and grab the information contained in the core when they
	17	shouldn' tbe able to. This causes failures when using pipes for a core
	18	dumps if the crashing process is not root, which is the uid of the pipe
	19	when it is created.
	20
	21	The fix is simple. Since the check for matching uid's isn't relevant for
	22	pipes (a process can't create a pipe that the uermodehelper code will open
	23	anyway), we can just just skip it in the event ispipe is non-zero
	24
	25	Reverts a pipe-affecting change which was accidentally made in
	26
	27	: commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
	28	: Author: Ingo Molnar <mingo@elte.hu>
	29	: AuthorDate: Wed Nov 28 13:59:18 2007 +0100
	30	: Commit: Linus Torvalds <torvalds@woody.linux-foundation.org>
	31	: CommitDate: Wed Nov 28 10:58:01 2007 -0800
	32	:
	33	: vfs: coredumping fix
	34
	35	Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
	36	Cc: Andi Kleen <andi@firstfloor.org>
	37	Cc: Oleg Nesterov <oleg@redhat.com>
	38	Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
	39	Cc: Al Viro <viro@zeniv.linux.org.uk>
	40	Cc: Ingo Molnar <mingo@elte.hu>
	41	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	42	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	43	Cc: maximilian attems <max@stro.at>
	44	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	45
	46	---
	47	fs/exec.c \| 3 ++-
	48	1 file changed, 2 insertions(+), 1 deletion(-)
	49
	50	--- a/fs/exec.c
	51	+++ b/fs/exec.c
	52	@@ -1826,8 +1826,9 @@ int do_coredump(long signr, int exit_cod
	53	/*
	54	* Dont allow local users get cute and trick others to coredump
	55	* into their pre-created files:
	56	+ * Note, this is not relevant for pipes
	57	*/
	58	- if (inode->i_uid != current->fsuid)
0fa428d6	59	+ if (!ispipe && (inode->i_uid != current->fsuid))
d9fdd6fb GKH	60	goto close_fail;
	61	if (!file->f_op)
	62	goto close_fail;