File: dump

corekeeper 1.7
  • area: main
  • in suites: bookworm, bullseye, buster, forky, sid, trixie
  • size: 84 kB
  • sloc: sh: 137; makefile: 9
#!/bin/sh
# Copyright 2013 Paul Wise <pabs@debian.org>
#
# Permission to use, copy, modify, and/or distribute this software for
# any purpose with or without fee is hereby granted, provided that the
# above copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND I DISCLAIM ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL I BE LIABLE FOR ANY
# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.


# corekeeper dump adds some extra privacy on Linux multi-user systems
# by putting core files into per-user directories. This is needed
# because Linux does not create directories when dumping core files
# and it is apparently painful to do that from within Linux.
#
# Thanks for the security audits go to:
# Jakub Wilk <jwilk@jwilk.net>
# Kees Cook <kees@debian.org>

# Stop at the first command that fails instead of carrying on in an
# unknown state.
set -e

# The steps further down change directory ownership and switch user with
# su, so refuse to run at all unless the effective UID is 0.
[ "$(id -u)" = "0" ] || {
	echo "This script must be run as root" 1>&2
	exit 1
}

# Parse the command line into the variables dumpable, owner, limit and core.
# Two forms are accepted: an option-based form whose first argument starts
# with "--", and a positional form whose first argument is all digits.
# Anything else is rejected.
# NOTE(review): the arguments are presumably filled in by the kernel from a
# core_pattern template (the comments below mention %d) - confirm against
# the installed sysctl configuration.
case "$1" in
	(--*)
		# Option based command-line
		while [ $# -gt 0 ] ; do
			case "$1" in
				(--dumpable)
					# Old Linux kernels do not support %d
					# use the safest dumpable option there
					# (a following "--" option means no value was
					# supplied, so only --dumpable itself is consumed)
					case "$2" in
						(--*) dumpable=2; shift;;
						(*) dumpable="$2"; shift 2;;
					esac
				;;
				# Stored exactly as given; this block does not check
				# that the value is numeric.
				(--owner) owner="$2"; shift 2;;
				# Stored exactly as given; the write step further down
				# ignores a limit that is not numeric.
				(--limit) limit="$2"; shift 2;;
				# Use remaining arguments for core name
				# ("$*" joins them into one string and ".core" is
				# appended; the break stops option parsing, so nothing
				# inside the core name is interpreted as an option)
				(--core) shift; core="$*.core"; break;;
				(*)
					echo "Unknown option: $1" 1>&2
					exit 1
				;;
			esac
		done
	;;
	# First argument is empty or contains a non-digit character
	(*[!0-9]*|'')
		echo "Unknown or missing arguments" 1>&2
		exit 1
	;;
	(*)
		# Dumpable, owner and core file based command-line
		# ($1 consists only of digits here; the pattern above rejected
		# everything else)
		case "$2" in
			# Old Linux kernels do not support %d
			# use the safest dumpable option there
			# (a non-numeric or empty $2 means $1 is already the owner)
			(*[!0-9]*|'') dumpable=2 ;;
			# Both numbers present: $1 is dumpable, $2 becomes the owner
			(*) dumpable="$1"; shift ;;
		esac
		owner="$1"; shift
		# Everything left is the core name. No ".core" suffix is added
		# and limit is not set in this form.
		core="$*"
	;;
esac

# Decide who will own the core file, based on the dumpable value.
# Only the "user" mode keeps the owner taken from the command line;
# "disable" ends the script without writing anything, and every other
# value (the "root" mode, an unknown value, or nothing at all) falls back
# to root ownership so the dump is not readable by an unprivileged user.
SUID_DUMP_DISABLE=0
SUID_DUMP_USER=1
# Kept for reference; any value other than the two above is treated the
# same way as this one.
SUID_DUMP_ROOT=2
if [ "$dumpable" = "$SUID_DUMP_DISABLE" ]; then
	exit 0
elif [ "$dumpable" != "$SUID_DUMP_USER" ]; then
	owner=0
fi

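# Write the core dump arriving on stdin to /var/crash/<owner>/<core>.
# Reads the variables owner, core and limit set earlier in the script.

# Refuse to build a path from an owner that is not a plain decimal UID.
# This script runs as root and the option-based command line stores the
# --owner value unchecked; an empty value, or one containing '/' or '..',
# would make the mkdir and chown below act outside /var/crash/<uid>.
case "$owner" in
	(*[!0-9]*|'')
		echo "Invalid or missing owner" 1>&2
		exit 1
	;;
esac

# Convert potentially unsafe characters to a safe character.
# Every character outside the alphanumerics and "+._-" becomes '-', so
# the resulting name cannot contain a path separator.
core="$(printf '%s' "$core" | tr -c '[:alnum:]+._-' '-')"
# The directory created below gets no group or other permissions.
umask 0077
mkdir -p "/var/crash/$owner"
# NOTE(review): chown follows a symlink at this path; this presumes that
# only root can create entries directly under /var/crash - confirm
# against the packaged directory permissions.
chown "$owner" "/var/crash/$owner"
# In both writing branches the output file is opened by a shell that su
# started as the owning user, not by root. owner, core and limit reach
# that shell through the environment and are expanded inside a
# single-quoted command, so their contents are never parsed as shell code.
# The user name is looked up from the UID with getent; if there is no
# passwd entry the name is empty and su is expected to fail.
case "$limit" in
	# Core dump limit is not numeric, do nothing
	(*[!0-9]*) ;;
	# Core dump limit is empty, write full dump
	('')
		owner="$owner" core="$core" \
		su -s /bin/sh -c '/bin/cat > /var/crash/"$owner"/"$core"' \
		"$(getent passwd "$owner" | cut -d: -f1)"
	;;
	# Core dump limit is non-zero, restrict dump size
	(*[!0]*)
		owner="$owner" core="$core" limit="$limit" \
		su -s /bin/sh -c 'head -c "$limit" > /var/crash/"$owner"/"$core"' \
		"$(getent passwd "$owner" | cut -d: -f1)"
	;;
	# Core dumping is disabled, do nothing
	(*) ;;
esac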