From: deraadt Date: Mon, 10 Jul 2023 22:54:40 +0000 (+0000) Subject: Allow unveiled programs to dump core (in the default, classic, into . way) X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8447828fb0903987bef7a6c07a95b4bcfafa9315;p=openbsd Allow unveiled programs to dump core (in the default, classic, into . way) by passing BYPASSUNVEIL just for this vnode. The coredump() code is quite careful, so this will be fine. ok kn kettenis semarie --- diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 5304c904dab..98683fe16ff 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.307 2023/06/28 08:23:25 claudio Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.308 2023/07/10 22:54:40 deraadt Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -1699,7 +1699,7 @@ coredump(struct proc *p) } /* incrash should be 0 or KERNELPATH only */ - NDINIT(&nd, 0, incrash, UIO_SYSSPACE, name, p); + NDINIT(&nd, 0, BYPASSUNVEIL | incrash, UIO_SYSSPACE, name, p); error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW | O_NONBLOCK, S_IRUSR | S_IWUSR); diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index e6a175e9f16..765b70a0947 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_vnops.c,v 1.121 2022/08/14 01:58:28 jsg Exp $ */ +/* $OpenBSD: vfs_vnops.c,v 1.122 2023/07/10 22:54:40 deraadt Exp $ */ /* $NetBSD: vfs_vnops.c,v 1.20 1996/02/04 02:18:41 christos Exp $ */ /* @@ -86,13 +86,13 @@ vn_open(struct nameidata *ndp, int fmode, int cmode) int error; /* - * The only valid flag to pass in here from NDINIT is - * KERNELPATH, This function will override the nameiop based - * on the fmode and cmode flags, So validate that our caller - * has not set other flags or operations in the nameidata + * The only valid flags to pass in here from NDINIT are + * KERNELPATH or BYPASSUNVEIL. This function will override the + * nameiop based on the fmode and cmode flags, so validate that + * our caller has not set other flags or operations in the nameidata * structure. */ - KASSERT(ndp->ni_cnd.cn_flags == 0 || ndp->ni_cnd.cn_flags == KERNELPATH); + KASSERT((ndp->ni_cnd.cn_flags & ~(KERNELPATH|BYPASSUNVEIL)) == 0); KASSERT(ndp->ni_cnd.cn_nameiop == 0); if ((fmode & (FREAD|FWRITE)) == 0)