rpms/systemd
7
0
Fork 0
Code Issues Pull Requests Releases Activity
a10
systemd/0454-Revert-coredump-when-F-pidfd-is-used-again-allow-for.patch
AlmaLinux RelEng Bot 965552652c import UBI systemd-257-13.el10_1.3
2026-05-05 07:25:07 -04:00

54 lines
2.5 KiB
Diff
Raw Permalink Blame History

From dd0b6f16a367e8b1e5fb97233fb1c2099d0c4629 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 13 Jan 2026 17:45:45 +0100
Subject: [PATCH] Revert "coredump: when %F/pidfd is used, again allow
forwarding to containers"
This reverts commit 1a01ba0f895a8781908cfebfa1d74f326f6faacb.
Reverts: RHEL-104135
---
src/coredump/coredump.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 67abc20ec5..940eb44528 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -155,7 +155,6 @@ typedef struct Context {
uint64_t rlimit;
bool is_pid1;
bool is_journald;
- bool got_pidfd;
int mount_tree_fd;
/* These point into external memory, are not owned by this object */
@@ -1404,8 +1403,6 @@ static int gather_pid_metadata_from_argv(
if (r < 0)
return log_error_errno(r, "Failed to initialize pidref from pidfd %d: %m", kernel_fd);
- context->got_pidfd = 1;
-
/* If there are containers involved with different versions of the code they might
* not be using pidfds, so it would be wrong to set the metadata, skip it. */
r = in_same_namespace(/* pid1 = */ 0, context->pidref.pid, NAMESPACE_PID);
@@ -1624,11 +1621,13 @@ static int can_forward_coredump(Context *context, pid_t pid) {
assert(context);
- /* We need to avoid a situation where the attacker crashes a SUID process or a root daemon and
- * quickly replaces it with a namespaced process and we forward the coredump to the attacker, into
- * the namespace. With %F/pidfd we can reliably check the namespace of the original process, hence we
- * can allow forwarding. */
- if (!context->got_pidfd && context->dumpable != 1)
+ /* We don't use %F/pidfd to pin down the crashed process yet. We need to avoid a situation where the
+ * attacker crashes a SUID process or a root daemon and quickly replaces it with a namespaced process
+ * and we forward the initial part of the coredump to the attacker, inside the namespace.
+ *
+ * TODO: relax this check when %F is implemented and used.
+ */
+ if (context->dumpable != 1)
return false;
r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &cgroup);
Reference in New Issue View Git Blame Copy Permalink