/*
* Dump core, into a file named "progname.core" or "core" (depending on the
* value of shortcorename), unless the process was setuid/setgid.
*/
static int
coredump(struct lwp *l, const char *pattern)
{
struct vnode *vp;
struct proc *p;
struct vmspace *vm;
kauth_cred_t cred;
struct pathbuf *pb;
struct nameidata nd;
struct vattr vattr;
struct coredump_iostate io;
struct plimit *lim;
int error, error1;
char *name, *lastslash;
name = PNBUF_GET();
p = l->l_proc;
vm = p->p_vmspace;
mutex_enter(proc_lock); /* p_session */
mutex_enter(p->p_lock);
/*
* Refuse to core if the data + stack + user size is larger than
* the core dump limit. XXX THIS IS WRONG, because of mapped
* data.
*/
if (USPACE + ctob(vm->vm_dsize + vm->vm_ssize) >=
p->p_rlimit[RLIMIT_CORE].rlim_cur) {
error = EFBIG; /* better error code? */
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
goto done;
}
/*
* It may well not be curproc, so grab a reference to its current
* credentials.
*/
kauth_cred_hold(p->p_cred);
cred = p->p_cred;
/*
* Make sure the process has not set-id, to prevent data leaks,
* unless it was specifically requested to allow set-id coredumps.
*/
if (p->p_flag & PK_SUGID) {
if (!security_setidcore_dump) {
error = EPERM;
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
goto done;
}
pattern = security_setidcore_path;
}
/* Lock, as p_limit and pl_corename might change. */
lim = p->p_limit;
mutex_enter(&lim->pl_lock);
if (pattern == NULL) {
pattern = lim->pl_corename;
}
error = coredump_buildname(p, name, pattern, MAXPATHLEN);
mutex_exit(&lim->pl_lock);
if (error) {
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
goto done;
}
/*
* On a simple filename, see if the filesystem allow us to write
* core dumps there.
*/
lastslash = strrchr(name, '/');
if (!lastslash) {
vp = p->p_cwdi->cwdi_cdir;
if (vp->v_mount == NULL ||
(vp->v_mount->mnt_flag & MNT_NOCOREDUMP) != 0)
error = EPERM;
}
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
if (error)
goto done;
/*
* On a complex filename, see if the filesystem allow us to write
* core dumps there.
*
* XXX: We should have an API that avoids double lookups
*/
if (lastslash) {
char c[2];
if (lastslash - name >= MAXPATHLEN - 2) {
error = EPERM;
goto done;
}
c[0] = lastslash[1];
c[1] = lastslash[2];
lastslash[1] = '.';
lastslash[2] = '\0';
error = namei_simple_kernel(name, NSM_FOLLOW_NOEMULROOT, &vp);
if (error)
goto done;
if (vp->v_mount == NULL ||
(vp->v_mount->mnt_flag & MNT_NOCOREDUMP) != 0)
error = EPERM;
vrele(vp);
if (error)
goto done;
lastslash[1] = c[0];
lastslash[2] = c[1];
}
pb = pathbuf_create(name);
if (pb == NULL) {
error = ENOMEM;
goto done;
}
NDINIT(&nd, LOOKUP, NOFOLLOW, pb);
if ((error = vn_open(&nd, O_CREAT | O_NOFOLLOW | FWRITE,
S_IRUSR | S_IWUSR)) != 0) {
pathbuf_destroy(pb);
goto done;
}
vp = nd.ni_vp;
pathbuf_destroy(pb);
/*
* Don't dump to:
* - non-regular files
* - files with links
* - files we don't own
*/
if (vp->v_type != VREG ||
VOP_GETATTR(vp, &vattr, cred) || vattr.va_nlink != 1 ||
vattr.va_uid != kauth_cred_geteuid(cred)) {
error = EACCES;
goto out;
}
vattr_null(&vattr);
vattr.va_size = 0;
if ((p->p_flag & PK_SUGID) && security_setidcore_dump) {
vattr.va_uid = security_setidcore_owner;
vattr.va_gid = security_setidcore_group;
vattr.va_mode = security_setidcore_mode;
}
VOP_SETATTR(vp, &vattr, cred);
p->p_acflag |= ACORE;
io.io_lwp = l;
io.io_vp = vp;
io.io_cred = cred;
io.io_offset = 0;
/* Now dump the actual core file. */
error = (*p->p_execsw->es_coredump)(l, &io);
out:
VOP_UNLOCK(vp);
error1 = vn_close(vp, FWRITE, cred);
if (error == 0)
error = error1;
done:
if (name != NULL)
PNBUF_PUT(name);
return error;
}
/*
* Dump core, into a file named "progname.core" or "core" (depending on the
* value of shortcorename), unless the process was setuid/setgid.
*/
int
coredump(struct lwp *l, const char *pattern)
{
struct vnode *vp;
struct proc *p;
struct vmspace *vm;
kauth_cred_t cred;
struct nameidata nd;
struct vattr vattr;
struct coredump_iostate io;
struct plimit *lim;
int error, error1;
char *name;
name = PNBUF_GET();
p = l->l_proc;
vm = p->p_vmspace;
mutex_enter(proc_lock); /* p_session */
mutex_enter(p->p_lock);
/*
* Refuse to core if the data + stack + user size is larger than
* the core dump limit. XXX THIS IS WRONG, because of mapped
* data.
*/
if (USPACE + ctob(vm->vm_dsize + vm->vm_ssize) >=
p->p_rlimit[RLIMIT_CORE].rlim_cur) {
error = EFBIG; /* better error code? */
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
goto done;
}
/*
* It may well not be curproc, so grab a reference to its current
* credentials.
*/
kauth_cred_hold(p->p_cred);
cred = p->p_cred;
/*
* The core dump will go in the current working directory. Make
* sure that the directory is still there and that the mount flags
* allow us to write core dumps there.
*
* XXX: this is partially bogus, it should be checking the directory
* into which the file is actually written - which probably needs
* a flag on namei()
*/
vp = p->p_cwdi->cwdi_cdir;
if (vp->v_mount == NULL ||
(vp->v_mount->mnt_flag & MNT_NOCOREDUMP) != 0) {
error = EPERM;
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
goto done;
}
/*
* Make sure the process has not set-id, to prevent data leaks,
* unless it was specifically requested to allow set-id coredumps.
*/
if (p->p_flag & PK_SUGID) {
if (!security_setidcore_dump) {
error = EPERM;
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
goto done;
}
pattern = security_setidcore_path;
}
/* It is (just) possible for p_limit and pl_corename to change */
lim = p->p_limit;
mutex_enter(&lim->pl_lock);
if (pattern == NULL)
pattern = lim->pl_corename;
error = coredump_buildname(p, name, pattern, MAXPATHLEN);
mutex_exit(&lim->pl_lock);
mutex_exit(p->p_lock);
mutex_exit(proc_lock);
if (error)
goto done;
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name);
if ((error = vn_open(&nd, O_CREAT | O_NOFOLLOW | FWRITE,
S_IRUSR | S_IWUSR)) != 0)
goto done;
vp = nd.ni_vp;
/* Don't dump to non-regular files or files with links. */
if (vp->v_type != VREG ||
VOP_GETATTR(vp, &vattr, cred) || vattr.va_nlink != 1) {
error = EINVAL;
goto out;
}
VATTR_NULL(&vattr);
vattr.va_size = 0;
if ((p->p_flag & PK_SUGID) && security_setidcore_dump) {
vattr.va_uid = security_setidcore_owner;
vattr.va_gid = security_setidcore_group;
vattr.va_mode = security_setidcore_mode;
}
VOP_SETATTR(vp, &vattr, cred);
p->p_acflag |= ACORE;
io.io_lwp = l;
io.io_vp = vp;
io.io_cred = cred;
io.io_offset = 0;
/* Now dump the actual core file. */
error = (*p->p_execsw->es_coredump)(l, &io);
out:
VOP_UNLOCK(vp, 0);
error1 = vn_close(vp, FWRITE, cred);
if (error == 0)
error = error1;
done:
if (name != NULL)
PNBUF_PUT(name);
return error;
}
