coredump: dump priviliges when processing system coredumps

Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump was created under. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-08 23:35:24 +01:00 · 2016-02-08 23:35:24 +01:00 · 888e378da2
parent 15a900327a
commit 888e378da2
5 changed files with 20 additions and 4 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -4870,7 +4870,6 @@ nodist_systemunit_DATA += \
 GENERAL_ALIASES += \
 	$(systemunitdir)/systemd-timesyncd.service $(pkgsysconfdir)/system/sysinit.target.wants/systemd-timesyncd.service

-
 nodist_pkgsysconf_DATA += \
 	src/timesync/timesyncd.conf

--- a/3
+++ b/3
@ -203,6 +203,9 @@ USERS AND GROUPS:
        Similarly, the kdbus dbus1 proxy daemon requires the
        "systemd-bus-proxy" system user and group to exist.

+        Similarly, the coredump support requires the
+        "systemd-coredump" system user and group to exist.
+
 NSS:
        systemd ships with three NSS modules:

--- a/configure.ac
+++ b/configure.ac
@ -1106,6 +1106,7 @@ have_coredump=no
 AC_ARG_ENABLE(coredump, AS_HELP_STRING([--disable-coredump], [disable coredump hook]))
 if test "x$enable_coredump" != "xno"; then
        have_coredump=yes
+        M4_DEFINES="$M4_DEFINES -DENABLE_COREDUMP"
 fi
 AM_CONDITIONAL(ENABLE_COREDUMP, [test "$have_coredump" = "yes"])

--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@ -569,9 +569,19 @@ static int change_uid_gid(const char *context[]) {
        if (r < 0)
                return r;

-        r = parse_gid(context[CONTEXT_GID], &gid);
-        if (r < 0)
-                return r;
+        if (uid <= SYSTEM_UID_MAX) {
+                const char *user = "systemd-coredump";
+
+                r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+                if (r < 0) {
+                        log_warning_errno(r, "Cannot resolve %s user. Proceeding to dump core as root: %m", user);
+                        uid = gid = 0;
+                }
+        } else {
+                r = parse_gid(context[CONTEXT_GID], &gid);
+                if (r < 0)
+                        return r;
+        }

        return drop_privileges(uid, gid, 0);
 }
--- a/sysusers.d/systemd.conf.m4
+++ b/sysusers.d/systemd.conf.m4
@ -16,3 +16,6 @@ u systemd-resolve   - "systemd Resolver"
 m4_ifdef(`ENABLE_TIMESYNCD',
 u systemd-timesync  - "systemd Time Synchronization"
 )m4_dnl
+m4_ifdef(`ENABLE_COREDUMP',
+u systemd-coredump  - "systemd Core Dumper"
+)m4_dnl