+ /* Now, let's drop privileges to become the user who owns the
+ * segfaulted process and allocate the coredump memory under
+ * his uid. This also ensures that the credentials journald
+ * will see are the ones of the coredumping user, thus making
+ * sure the user himself gets access to the core dump. */
+
+ if (setresgid(gid, gid, gid) < 0 ||
+ setresuid(uid, uid, uid) < 0) {
+ log_error("Failed to drop privileges: %m");
+ r = -errno;
+ goto finish;
+ }
+
+ coredump_bufsize = COREDUMP_MIN_START;
+ coredump_data = malloc(coredump_bufsize);
+ if (!coredump_data) {
+ log_warning("Failed to allocate memory for core, core will not be stored.");
+ goto finalize;
+ }
+
+ memcpy(coredump_data, "COREDUMP=", 9);
+ coredump_size = 9;
+
+ for (;;) {
+ n = loop_read(STDIN_FILENO, coredump_data + coredump_size,
+ coredump_bufsize - coredump_size, false);
+ if (n < 0) {
+ log_error("Failed to read core data: %s", strerror(-n));
+ r = (int) n;
+ goto finish;
+ } else if (n == 0)
+ break;
+
+ coredump_size += n;
+
+ if (coredump_size > COREDUMP_MAX) {
+ log_error("Core too large, core will not be stored.");
+ goto finalize;
+ }
+
+ if (!GREEDY_REALLOC(coredump_data, coredump_bufsize, coredump_size + 1)) {
+ log_warning("Failed to allocate memory for core, core will not be stored.");
+ goto finalize;
+ }
+ }
+
+ iovec[j].iov_base = coredump_data;
+ iovec[j].iov_len = coredump_size;
+ j++;
+
+finalize: