From 9d2a4e5dd0719150d7fa3ec3f46586e54449e3c4 Mon Sep 17 00:00:00 2001
From: Matthew Dillon <dillon@dragonflybsd.org>
Date: Fri, 22 Feb 2008 18:42:21 +0000
Subject: [PATCH] Require the the core file be owned by the user.  Please also
 see the following URLs:

    http://www.freebsd.org/cgi/query-pr.cgi?pr=68905
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6206

Submitted-by: "Eduardo Tongson" <propolice@gmail.com>
Obtained-From: Volker <volker@vwsoft.com>
---
 sys/kern/kern_sig.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 60487f735b..b4d3cbca11 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -37,7 +37,7 @@
  *
  *	@(#)kern_sig.c	8.7 (Berkeley) 4/18/94
  * $FreeBSD: src/sys/kern/kern_sig.c,v 1.72.2.17 2003/05/16 16:34:34 obrien Exp $
- * $DragonFly: src/sys/kern/kern_sig.c,v 1.86 2007/12/06 15:03:25 corecode Exp $
+ * $DragonFly: src/sys/kern/kern_sig.c,v 1.87 2008/02/22 18:42:21 dillon Exp $
  */
 
 #include "opt_ktrace.h"
@@ -2066,6 +2066,12 @@ coredump(struct lwp *lp, int sig)
 		goto out1;
 	}
 
+	/* Don't dump to files current user does not own */
+	if (vattr.va_uid != p->p_ucred->cr_uid) {
+		error = EFAULT;
+		goto out1;
+	}
+
 	VATTR_NULL(&vattr);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	vattr.va_size = 0;
-- 
2.11.4.GIT