From 5ebb15b942bfe98b9b972117ecb04e97de8cb947 Mon Sep 17 00:00:00 2001 From: Pawel Jakub Dawidek Date: Tue, 11 Nov 2014 04:48:09 +0000 Subject: Add missing privilege check when setting the dump device. Before that change it was possible for a regular user to setup the dump device if he had write access to the given device. In theory it is a security issue as user might get access to kernel's memory after provoking kernel crash, but in practise it is not recommended to give regular users direct access to storage devices. Rework the code so that we do privileges check within the set_dumper() function to avoid similar problems in the future. Discussed with: secteam --- sys/kern/kern_shutdown.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'sys/kern') diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c index dfdca15194aa..357099b59b09 100644 --- a/sys/kern/kern_shutdown.c +++ b/sys/kern/kern_shutdown.c @@ -827,9 +827,14 @@ SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD, /* Registration of dumpers */ int -set_dumper(struct dumperinfo *di, const char *devname) +set_dumper(struct dumperinfo *di, const char *devname, struct thread *td) { size_t wantcopy; + int error; + + error = priv_check(td, PRIV_SETDUMPER); + if (error != 0) + return (error); if (di == NULL) { bzero(&dumper, sizeof dumper); -- cgit v1.2.3