From: Vitaliy Makkoveev <mvs@openbsd.org>
Subject: sysctl(2): unlock `nosuidcoredump'
To: Claudio Jeker <claudio@openbsd.org>, tech@openbsd.org
Date: Tue, 17 Dec 2024 02:18:11 +0300

It is atomically accessed integer. coredump() reads it multiple times,
so cache value to `nosuidcoredump_local'.

Index: sys/kern/kern_sig.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sig.c,v
diff -u -p -r1.352 kern_sig.c
--- sys/kern/kern_sig.c	24 Nov 2024 12:58:06 -0000	1.352
+++ sys/kern/kern_sig.c	16 Dec 2024 23:12:12 -0000
@@ -68,7 +68,12 @@
 #include <uvm/uvm_extern.h>
 #include <machine/tcb.h>
 
-int nosuidcoredump = 1;
+/*
+ * Locks used to protect data:
+ *	a	atomic
+ */
+
+int nosuidcoredump = 1;		/* [a] */
 
 /*
  * The array below categorizes the signals and their default actions.
@@ -1742,6 +1747,7 @@ coredump(struct proc *p)
 	int error, len, incrash = 0;
 	char *name;
 	const char *dir = "/var/crash";
+	int nosuidcoredump_local = atomic_load_int(&nosuidcoredump);
 
 	atomic_setbits_int(&pr->ps_flags, PS_COREDUMP);
 
@@ -1761,8 +1767,8 @@ coredump(struct proc *p)
 	 * determines coredump placement policy.
 	 */
 	if (((pr->ps_flags & PS_SUGID) && (error = suser(p))) ||
-	   ((pr->ps_flags & PS_SUGID) && nosuidcoredump)) {
-		if (nosuidcoredump == 3) {
+	   ((pr->ps_flags & PS_SUGID) && nosuidcoredump_local)) {
+		if (nosuidcoredump_local == 3) {
 			/*
 			 * If the program directory does not exist, dumps of
 			 * that core will silently fail.
@@ -1770,7 +1776,7 @@ coredump(struct proc *p)
 			len = snprintf(name, MAXPATHLEN, "%s/%s/%u.core",
 			    dir, pr->ps_comm, pr->ps_pid);
 			incrash = KERNELPATH;
-		} else if (nosuidcoredump == 2) {
+		} else if (nosuidcoredump_local == 2) {
 			len = snprintf(name, MAXPATHLEN, "%s/%s.core",
 			    dir, pr->ps_comm);
 			incrash = KERNELPATH;
Index: sys/kern/kern_sysctl.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
diff -u -p -r1.458 kern_sysctl.c
--- sys/kern/kern_sysctl.c	16 Dec 2024 21:22:51 -0000	1.458
+++ sys/kern/kern_sysctl.c	16 Dec 2024 23:12:12 -0000
@@ -606,6 +606,7 @@ kern_sysctl(int *name, u_int namelen, vo
 	case KERN_NTHREADS:
 	case KERN_SOMAXCONN:
 	case KERN_SOMINCONN:
+	case KERN_NOSUIDCOREDUMP:
 	case KERN_FSYNC:
 	case KERN_SYSVMSG:
 	case KERN_SYSVSEM: