netbsd-bugs: kern/15994: added kern.sugid

Subject: kern/15994: added kern.sugid_coredump
To: None <gnats-bugs@gnats.netbsd.org>
From: Tomas Svensson <tsn@gbdev.net>
List: netbsd-bugs
Date: 03/21/2002 11:44:14
>Number:         15994
>Category:       kern
>Synopsis:       added kern.sugid_coredump
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 21 03:45:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Tomas Svensson
>Release:        NetBSD 1.5ZC
>Organization:
		BSD Slackers
>Environment:
		NetBSD 1.5ZC
>Description:
	It's currently not possible to get setuid/setgid executables
	to coredump without manually hacking the kernel sources, and
	this is quite annoying if you're debugging such programs.

	I added a sysctl to control this behaviour:

	# ./coretest <- does seteuid()
	Abort trap

	# sysctl -w kern.sugid_coredump=1
	kern.sugid_coredump: 0 -> 1

	# ./coretest
	Abort trap (core dumped)

>How-To-Repeat:
>Fix:

Index: sys/conf/param.c
===================================================================
RCS file: /cvsroot/syssrc/sys/conf/param.c,v
retrieving revision 1.40
diff -u -r1.40 param.c
--- param.c	2001/12/17 15:40:43	1.40
+++ param.c	2002/03/20 23:51:52
@@ -114,6 +114,7 @@
 int	ncallout = 16 + NPROC;	/* size of callwheel (rounded to ^2) */
 u_long	sb_max = SB_MAX;	/* maximum socket buffer size */
 int	fscale = FSCALE;	/* kernel uses `FSCALE', user uses `fscale' */
+int	sugid_coredump = 0;	/* make coredump when running suid/sgid */
 
 /*
  * Various mbuf-related parameters.  These can also be changed at run-time
Index: sys/kern/kern_sig.c
===================================================================
RCS file: /cvsroot/syssrc/sys/kern/kern_sig.c,v
retrieving revision 1.120
diff -u -r1.120 kern_sig.c
--- kern_sig.c	2002/03/08 20:48:40	1.120
+++ kern_sig.c	2002/03/20 23:51:55
@@ -1341,7 +1341,7 @@
 	/*
 	 * Make sure the process has not set-id, to prevent data leaks.
 	 */
-	if (p->p_flag & P_SUGID)
+	if ((p->p_flag & P_SUGID) && !sugid_coredump)
 		return (EPERM);
 
 	/*
Index: sys/kern/kern_sysctl.c
===================================================================
RCS file: /cvsroot/syssrc/sys/kern/kern_sysctl.c,v
retrieving revision 1.104
diff -u -r1.104 kern_sysctl.c
--- kern_sysctl.c	2002/03/20 00:27:26	1.104
+++ kern_sysctl.c	2002/03/20 23:51:55
@@ -568,6 +568,8 @@
 		    newp));
 	case KERN_MONOTONIC_CLOCK:	/* XXX _POSIX_VERSION */
 		return (sysctl_rdint(oldp, oldlenp, newp, 200112));
+	case KERN_SUGID_COREDUMP:
+		return (sysctl_int(oldp, oldlenp, newp, newlen, &sugid_coredump));
 	default:
 		return (EOPNOTSUPP);
 	}
Index: sys/sys/proc.h
===================================================================
RCS file: /cvsroot/syssrc/sys/sys/proc.h,v
retrieving revision 1.136
diff -u -r1.136 proc.h
--- proc.h	2002/01/11 21:16:27	1.136
+++ proc.h	2002/03/20 23:51:57
@@ -383,6 +383,7 @@
 
 extern struct proc	proc0;		/* Process slot for swapper */
 extern int		nprocs, maxproc; /* Current and max number of procs */
+extern int		sugid_coredump; /* coredump when sgid/suid */
 
 /* Process list lock; see kern_proc.c for locking protocol details */
 extern struct lock	proclist_lock;
Index: sys/sys/sysctl.h
===================================================================
RCS file: /cvsroot/syssrc/sys/sys/sysctl.h,v
retrieving revision 1.74
diff -u -r1.74 sysctl.h
--- sysctl.h	2002/03/20 00:23:46	1.74
+++ sysctl.h	2002/03/20 23:51:58
@@ -180,7 +180,8 @@
 #define	KERN_SBMAX		58	/* int: max socket buffer size */
 #define	KERN_TKSTAT		59	/* tty in/out counters */
 #define	KERN_MONOTONIC_CLOCK	60	/* int: POSIX monotonic clock */
-#define	KERN_MAXID		61	/* number of valid kern ids */
+#define	KERN_SUGID_COREDUMP	61	/* int: s[ug]id coredump */
+#define	KERN_MAXID		62	/* number of valid kern ids */
 
 #define	CTL_KERN_NAMES { \
 	{ 0, 0 }, \
@@ -244,6 +245,7 @@
 	{ "sbmax", CTLTYPE_INT }, \
 	{ "tkstat", CTLTYPE_NODE }, \
 	{ "monotonic_clock", CTLTYPE_INT }, \
+	{ "sugid_coredump", CTLTYPE_INT }, \
 }
 
 /*
Index: lib/libc/gen/sysctl.3
===================================================================
RCS file: /cvsroot/basesrc/lib/libc/gen/sysctl.3,v
retrieving revision 1.90
diff -u -r1.90 sysctl.3
--- sysctl.3	2002/02/26 16:07:23	1.90
+++ sysctl.3	2002/03/20 23:52:00
@@ -314,6 +314,7 @@
 .It KERN\_RTC\_OFFSET	integer	no
 .It KERN\_SAVED\_IDS	integer	no
 .It KERN\_SECURELVL	integer	raise only
+.It KERN\_SUGID\_COREDUMP	integer	yes
 .It KERN\_SYNCHRONIZED\_IO	integer	no
 .It KERN\_SYSVIPC\_INFO	node	not applicable
 .It KERN\_SYSVMSG	integer	no
@@ -579,6 +580,9 @@
 The system security level.
 This level may be raised by processes with appropriate privilege.
 It may only be lowered by process 1.
+.It Li KERN_SUGID_COREDUMP
+Returns 1 if if the system will create coredumps for processes that has
+set-id.
 .It Li KERN_SYNCHRONIZED_IO
 Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
 on this system,
>Release-Note:
>Audit-Trail:
>Unformatted: