Subject: kern/1565: default core dump mode should be configurable
To: None <gnats-bugs@gnats.netbsd.org>
From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
List: netbsd-bugs
Date: 10/04/1995 14:16:15
>Number:         1565
>Category:       kern
>Synopsis:       default core dump mode should be configurable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Oct  5 22:05:01 1995
>Last-Modified:
>Originator:     Bill Sommerfeld
>Organization:
none
>Release:        950927
>Environment:
	
System: NetBSD orchard.medford.ma.us 1.0A NetBSD 1.0A (ORCHARD) #4: Wed Oct 4 09:27:06 EDT 1995 sommerfe@orchard.medford.ma.us:/u1/jsys/sys/arch/i386/compile/ORCHARD i386


>Description:
	Core files are created mode 0644 by default, and the
	umask doesn't affect the mode of the core file.

	This seems like the worst of both worlds; it's not secure enough
	for security jocks like me (who want to avoid disclosing encryption
	keys in world-readable core files), and it gets in the way of
	those trusting souls who like to run with umask 0 and have
	everything be world writable.

	The default core dump mode should be a configurable parameter,
	and it should be modified by the umask of the process.

	Note that the changes below do not affect the default core dump mode.

	I'm willing to make further changes to this patch if it will
	increase the chance of acceptance into NetBSD.

>How-To-Repeat:
	umask 66
	<make something dump core>
	ls -l *.core
	be surprised that the file is mode 644 instead of 600

>Fix:

*** /sys/conf/param.c~	Wed Mar  8 06:27:05 1995
--- /sys/conf/param.c	Wed Oct  4 09:21:34 1995
***************
*** 164,166 ****
--- 164,172 ----
  char	*buffers;
  
  struct	utsname utsname;
+ 
+ /* Default core file creation mode, masked with umask */
+ #ifndef COREMODE
+ #define COREMODE S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH
+ #endif
+ int coremode = COREMODE;
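
Review bot: the expansion of COREMODE in the added #define is a bare chain of | operators with no enclosing parentheses, so a later use such as COREMODE & ~mask would apply the mask to S_IROTH alone because & binds tighter than |. Write it as #define COREMODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH). The variable holds permission bits, so mode_t would describe it better than int, and the comment could say that a kernel built with a different COREMODE is how the default gets changed.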

*** /sys/kern/kern_sig.c~	Wed Oct  4 09:03:15 1995
--- /sys/kern/kern_sig.c	Wed Oct  4 09:50:44 1995
***************
*** 45,50 ****
--- 45,51 ----
  #include <sys/signalvar.h>
  #include <sys/resourcevar.h>
  #include <sys/namei.h>
+ #include <sys/filedesc.h>
  #include <sys/vnode.h>
  #include <sys/proc.h>
  #include <sys/systm.h>
***************
*** 1020,1025 ****
--- 1021,1027 ----
  	/* NOTREACHED */
  }
  
+ extern int coremode;		/* default core permissions, in param.c */
  /*
   * Dump core, into a file named "progname.core", unless the process was
   * setuid/setgid.
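
Review bot: the extern int coremode declaration sits in kern_sig.c itself, where nothing checks it against the definition in param.c. Moving the declaration to a header that both files include would let the compiler catch a type mismatch if the definition ever changes. As placed, it also separates the preceding function from the block comment that documents the core dump routine; a blank line after it would keep the two apart.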
***************
*** 1032,1037 ****
--- 1034,1040 ----
  	register struct pcred *pcred = p->p_cred;
  	register struct ucred *cred = pcred->pc_ucred;
  	register struct vmspace *vm = p->p_vmspace;
+ 	register struct filedesc *fdp = p->p_fd;
  	struct nameidata nd;
  	struct vattr vattr;
  	int error, error1;
***************
*** 1045,1052 ****
  		return (EFAULT);
  	sprintf(name, "%s.core", p->p_comm);
  	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
! 	if (error = vn_open(&nd,
! 	    O_CREAT | FWRITE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))
  		return (error);
  	vp = nd.ni_vp;
  
--- 1048,1055 ----
  		return (EFAULT);
  	sprintf(name, "%s.core", p->p_comm);
  	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
! 	if (error = vn_open(&nd, O_CREAT | FWRITE,
! 			    (coremode &~ fdp->fd_cmask)))
  		return (error);
  	vp = nd.ni_vp;
  
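
Review bot: the masked mode passed to vn_open() in the changed call only takes effect when O_CREAT actually creates the file, so a progname.core that already exists with mode 0644 keeps that mode even under umask 066. That case should either be documented or handled by resetting the mode on an existing file. Nothing visible here limits coremode to permission bits either, so masking it (for example with 0777) before the &~ fdp->fd_cmask would keep a patched value from setting setuid or sticky bits on the core file.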
>Audit-Trail:
>Unformatted:
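
The How-To-Repeat case with the requested behaviour, as an added userland example (not part of the original PR or of NetBSD's code): open(2) with O_CREAT stands in for the kernel's vn_open() call, and the function names and scratch path are constructed for illustration. It also shows the case the patch leaves alone, a core file that already exists.

```c
#define _XOPEN_SOURCE 700	/* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Userland stand-in for vn_open(O_CREAT | FWRITE, mode): open(2) applies the
 * umask to `mode`, but only when it has to create the file. */
static int core_mode_after_open(const char *path, mode_t mode)
{
	struct stat st;
	int fd = open(path, O_CREAT | O_WRONLY, mode);
	int mode_bits = -1;

	if (fd < 0)
		return -1;
	if (fstat(fd, &st) == 0)
		mode_bits = (int)(st.st_mode & 07777);
	close(fd);
	return mode_bits;	/* permission bits, or -1 on error */
}

/* *fresh: core created under umask 066. *stale: the same name dumped again
 * after the file was left behind as 0644. Returns 0 on success. */
static int coremode_demo(int *fresh, int *stale)
{
	char dir[] = "/tmp/coremode.XXXXXX", path[64];	/* constructed names */
	mode_t saved = umask(066);
	int ok = -1;

	if (mkdtemp(dir) != NULL) {
		snprintf(path, sizeof(path), "%s/prog.core", dir);
		*fresh = core_mode_after_open(path, 0644);
		if (chmod(path, 0644) == 0) {	/* simulate an older, looser core */
			*stale = core_mode_after_open(path, 0644);
			ok = 0;
		}
		unlink(path);
		rmdir(dir);
	}
	umask(saved);
	return ok;
}

int main(void)
{
	int fresh, stale;
	if (coremode_demo(&fresh, &stale) != 0)
		return 1;
	printf("fresh core: %04o, pre-existing core: %04o\n", fresh, stale);
	return 0;
}
```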