# endif /* __hpux */
# include <prot.h>
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
+#ifdef __linux__
+# include <sys/prctl.h>
+#endif
#include <sudo_usage.h>
#include "sudo.h"
* Local functions
*/
static void fix_fds(void);
-static void disable_coredumps(void);
+static void disable_coredump(bool restore);
static void sudo_check_suid(const char *path);
static char **get_user_info(struct user_details *);
static void command_info_to_details(char * const info[],
static int iolog_show_version(struct plugin_container *plugin, int verbose);
static void iolog_unlink(struct plugin_container *plugin);
-#ifdef RLIMIT_CORE
-static struct rlimit corelimit;
-#endif
#ifdef __linux__
static struct rlimit nproclimit;
#endif
exit(EXIT_FAILURE); /* get_user_info printed error message */
/* Disable core dumps if not enabled in sudo.conf. */
- disable_coredumps();
+ if (sudo_conf_disable_coredump())
+ disable_coredump(false);
/* Parse command line arguments. */
sudo_mode = parse_args(argc, argv, &nargc, &nargv, &settings, &env_add);
/* Become full root (not just setuid) so user cannot kill us. */
if (setuid(ROOT_UID) == -1)
sudo_warn("setuid(%d)", ROOT_UID);
- /* Restore coredumpsize resource limit before running. */
-#ifdef RLIMIT_CORE
- if (sudo_conf_disable_coredump())
- (void) setrlimit(RLIMIT_CORE, &corelimit);
-#endif /* RLIMIT_CORE */
if (ISSET(command_details.flags, CD_SUDOEDIT)) {
status = sudo_edit(&command_details);
} else {
sigaction_t sa;
if (WCOREDUMP(status))
- disable_coredumps();
+ disable_coredump(false);
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
/*
* Disable core dumps to avoid dropping a core with user password in it.
- * We will reset this limit before executing the command.
+ * Called with restore set to true before executing the command.
* Not all operating systems disable core dumps for setuid processes.
*/
static void
-disable_coredumps(void)
+disable_coredump(bool restore)
{
-#if defined(RLIMIT_CORE)
struct rlimit rl;
- debug_decl(disable_coredumps, SUDO_DEBUG_UTIL)
+ static struct rlimit corelimit;
+#ifdef __linux__
+ static int dumpflag;
+#endif
+ debug_decl(disable_coredump, SUDO_DEBUG_UTIL)
- /*
- * Turn off core dumps?
- */
- if (sudo_conf_disable_coredump()) {
- (void) getrlimit(RLIMIT_CORE, &corelimit);
- memcpy(&rl, &corelimit, sizeof(struct rlimit));
- rl.rlim_cur = 0;
- (void) setrlimit(RLIMIT_CORE, &rl);
+ if (restore) {
+ (void) setrlimit(RLIMIT_CORE, &corelimit);
+#ifdef __linux__
+ (void) prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0);
+#endif /* __linux__ */
+ debug_return;
}
+
+ (void) getrlimit(RLIMIT_CORE, &corelimit);
+ rl.rlim_cur = 0;
+ rl.rlim_max = 0;
+ (void) setrlimit(RLIMIT_CORE, &rl);
+#ifdef __linux__
+ /* On Linux, also set PR_SET_DUMPABLE to zero (reset by execve). */
+ if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1)
+ dumpflag = 0;
+ (void) prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
+#endif /* __linux__ */
+
debug_return;
-#endif /* RLIMIT_CORE */
}
/*
}
#endif
+ /* Restore coredumpsize resource limit before running. */
+ if (sudo_conf_disable_coredump())
+ disable_coredump(true);
+
if (details->pw != NULL) {
#ifdef HAVE_PROJECT_H
set_project(details->pw);
projects / sudo / commitdiff