From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: sysctl(2): unlock `nosuidcoredump'
To: Vitaliy Makkoveev <mvs@openbsd.org>
Cc: Claudio Jeker <claudio@openbsd.org>, tech@openbsd.org
Date: Sat, 28 Dec 2024 15:18:09 +0100

On Tue, Dec 17, 2024 at 02:18:11AM +0300, Vitaliy Makkoveev wrote:
> It is atomically accessed integer. coredump() reads it multiple times,
> so cache value to `nosuidcoredump_local'.

OK bluhm@

> Index: sys/kern/kern_sig.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_sig.c,v
> diff -u -p -r1.352 kern_sig.c
> --- sys/kern/kern_sig.c	24 Nov 2024 12:58:06 -0000	1.352
> +++ sys/kern/kern_sig.c	16 Dec 2024 23:12:12 -0000
> @@ -68,7 +68,12 @@
>  #include <uvm/uvm_extern.h>
>  #include <machine/tcb.h>
>  
> -int nosuidcoredump = 1;
> +/*
> + * Locks used to protect data:
> + *	a	atomic
> + */
> +
> +int nosuidcoredump = 1;		/* [a] */
>  
>  /*
>   * The array below categorizes the signals and their default actions.
> @@ -1742,6 +1747,7 @@ coredump(struct proc *p)
>  	int error, len, incrash = 0;
>  	char *name;
>  	const char *dir = "/var/crash";
> +	int nosuidcoredump_local = atomic_load_int(&nosuidcoredump);
>  
>  	atomic_setbits_int(&pr->ps_flags, PS_COREDUMP);
>  
> @@ -1761,8 +1767,8 @@ coredump(struct proc *p)
>  	 * determines coredump placement policy.
>  	 */
>  	if (((pr->ps_flags & PS_SUGID) && (error = suser(p))) ||
> -	   ((pr->ps_flags & PS_SUGID) && nosuidcoredump)) {
> -		if (nosuidcoredump == 3) {
> +	   ((pr->ps_flags & PS_SUGID) && nosuidcoredump_local)) {
> +		if (nosuidcoredump_local == 3) {
>  			/*
>  			 * If the program directory does not exist, dumps of
>  			 * that core will silently fail.
> @@ -1770,7 +1776,7 @@ coredump(struct proc *p)
>  			len = snprintf(name, MAXPATHLEN, "%s/%s/%u.core",
>  			    dir, pr->ps_comm, pr->ps_pid);
>  			incrash = KERNELPATH;
> -		} else if (nosuidcoredump == 2) {
> +		} else if (nosuidcoredump_local == 2) {
>  			len = snprintf(name, MAXPATHLEN, "%s/%s.core",
>  			    dir, pr->ps_comm);
>  			incrash = KERNELPATH;
> Index: sys/kern/kern_sysctl.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
> diff -u -p -r1.458 kern_sysctl.c
> --- sys/kern/kern_sysctl.c	16 Dec 2024 21:22:51 -0000	1.458
> +++ sys/kern/kern_sysctl.c	16 Dec 2024 23:12:12 -0000
> @@ -606,6 +606,7 @@ kern_sysctl(int *name, u_int namelen, vo
>  	case KERN_NTHREADS:
>  	case KERN_SOMAXCONN:
>  	case KERN_SOMINCONN:
> +	case KERN_NOSUIDCOREDUMP:
>  	case KERN_FSYNC:
>  	case KERN_SYSVMSG:
>  	case KERN_SYSVSEM: