X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fcoredump.c;h=f6b95145d20d22bd8fd33c13c09a966cd1e44007;hp=8678ec6a59e131db22ac43924728eafd0d7dee9f;hb=f11943c53ec181829a821c6b27acf828bab71caa;hpb=ae6c3cc009a21df4b51851fb8fe3fde0b7d6d8f0

diff --git a/src/journal/coredump.c b/src/journal/coredump.c
index 8678ec6a5..f6b95145d 100644
--- a/src/journal/coredump.c
+++ b/src/journal/coredump.c
@@ -31,9 +31,8 @@
 #  include <elfutils/libdwfl.h>
 #endif
 
-#include "systemd/sd-journal.h"
-#include "systemd/sd-login.h"
-
+#include "sd-journal.h"
+#include "sd-login.h"
 #include "log.h"
 #include "util.h"
 #include "fileio.h"
@@ -42,19 +41,16 @@
 #include "mkdir.h"
 #include "special.h"
 #include "cgroup-util.h"
-#include "journald-native.h"
 #include "conf-parser.h"
 #include "copy.h"
 #include "stacktrace.h"
 #include "path-util.h"
 #include "compress.h"
+#include "acl-util.h"
+#include "capability.h"
+#include "journald-native.h"
 #include "coredump-vacuum.h"
 
-#ifdef HAVE_ACL
-#  include <sys/acl.h>
-#  include "acl-util.h"
-#endif
-
 /* The maximum size up to which we process coredumps */
 #define PROCESS_SIZE_MAX ((off_t) (2LLU*1024LLU*1024LLU*1024LLU))
 
@@ -316,7 +312,7 @@ static int save_external_coredump(
         if (fd < 0)
                 return log_error_errno(errno, "Failed to create coredump file %s: %m", tmp);
 
-        r = copy_bytes(STDIN_FILENO, fd, arg_process_size_max);
+        r = copy_bytes(STDIN_FILENO, fd, arg_process_size_max, false);
         if (r == -EFBIG) {
                 log_error("Coredump of %s (%s) is larger than configured processing limit, refusing.", info[INFO_PID], info[INFO_COMM]);
                 goto fail;
@@ -814,11 +810,12 @@ int main(int argc, char* argv[]) {
          * segfaulted process and allocate the coredump memory under
          * the user's uid. This also ensures that the credentials
          * journald will see are the ones of the coredumping user,
-         * thus making sure the user gets access to the core dump. */
-        if (setresgid(gid, gid, gid) < 0 ||
-            setresuid(uid, uid, uid) < 0) {
-                log_error_errno(errno, "Failed to drop privileges: %m");
-                r = -errno;
+         * thus making sure the user gets access to the core
+         * dump. Let's also get rid of all capabilities, if we run as
+         * root, we won't need them anymore. */
+        r = drop_privileges(uid, gid, 0);
+        if (r < 0) {
+                log_error_errno(r, "Failed to drop privileges: %m");
                 goto finish;
         }