From 6635f57d3eeb16051b00ba331da3c8d4f7e578da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 3 Apr 2020 22:05:25 +0200
Subject: [PATCH] sysctl: enable coredump for suid binaries

Right now the kernel will not dump anything that went through setuid or
setgid. But it is routine for daemons to do that, and it makes things hard to
debug.

systemd-coredump saves the coredump readable by the users the process was
running as. This should be enough to avoid information leakage. So let's also
tell the kernel to do the coredump.

For https://bugzilla.redhat.com/show_bug.cgi?id=1790972.

Both patterns are stored in the same file, so they are enabled or disabled
together. (Though suid_dumpable=2 is supposed to be safe even when writing to
plain files.)
---
 NEWS                         |  6 ++++++
 sysctl.d/50-coredump.conf.in | 21 ++++++++++++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index b6030f1ff7..29e5490b9b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,11 @@
 systemd System and Service Manager
 
+CHANGES WITH 246 in spe:
+        * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
+          systemd-coredump to save core files for suid processes. When saving
+          the core file, systemd-coredump will use the effective uid and gid of
+          the process that faulted.
+
 CHANGES WITH 245:
 
         * A new tool "systemd-repart" has been added, that operates as an
diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
index 47bf847693..da76fd71d6 100644
--- a/sysctl.d/50-coredump.conf.in
+++ b/sysctl.d/50-coredump.conf.in
@@ -5,8 +5,23 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See sysctl.d(5) for the description of the files in this directory,
-# and systemd-coredump(8) and core(5) for the explanation of the
-# setting below.
+# See sysctl.d(5) for the description of the files in this directory.
 
+# Pipe the core file to systemd-coredump. The systemd-coredump process spawned
+# by the kernel will start a second copy of itself as the
+# systemd-coredump@.service, which will do the actual processing and storing of
+# the core dump.
+#
+# See systemd-coredump(8) and core(5).
 kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h
+
+# Also dump processes executing a set-user-ID/set-group-ID program that is
+# owned by a user/group other than the real user/group ID of the process, or
+# a program that has file capabilities. ("2" is called "suidsafe" in core(5)).
+#
+# systemd-coredump will store the core file owned by the effective uid and gid
+# of the running process (and not the filesystem-user-ID which the kernel uses
+# when saving a core dump).
+#
+# See proc(5), setuid(2), capabilities(7).
+fs.suid_dumpable=2