diff options
| author | Andreas Kling <kling@serenityos.org> | 2021-12-19 16:48:02 +0100 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2021-12-19 18:18:38 +0100 |
| commit | bc518e39bf7e64dd0edf5ca7b82b4d089ade532a (patch) | |
| tree | faef7adda92084e02a1951eb5d39efb4c214441e /Kernel/Process.cpp | |
| parent | 1cdc7aa0387bc4fe68a39b2e96519cf4269f6227 (diff) | |
| download | serenity-bc518e39bf7e64dd0edf5ca7b82b4d089ade532a.zip | |
Kernel: Make perfcore files owned by UID=0, GID=0
Since perfcore files can be generated during process finalization,
we can't just allow them to contain sensitive kernel information
if they're gonna be owned by the process's own UID+GID.
So instead, perfcores are now owned by 0:0. This is not the most
ergonomic solution, but I'm not sure what we could do to make it nicer.
We'll have to think more about that. In the meantime, this patches up
a kernel info leak. :^)
Diffstat (limited to 'Kernel/Process.cpp')
| -rw-r--r-- | Kernel/Process.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp index 87af43fff2..99155ff8cd 100644 --- a/Kernel/Process.cpp +++ b/Kernel/Process.cpp @@ -562,7 +562,7 @@ bool Process::dump_perfcore() auto perfcore_filename = String::formatted("{}.profile", base_filename); RefPtr<OpenFileDescription> description; for (size_t attempt = 1; attempt <= 10; ++attempt) { - auto description_or_error = VirtualFileSystem::the().open(perfcore_filename, O_CREAT | O_EXCL, 0400, current_directory(), UidAndGid { uid(), gid() }); + auto description_or_error = VirtualFileSystem::the().open(perfcore_filename, O_CREAT | O_EXCL, 0400, current_directory(), UidAndGid { 0, 0 }); if (!description_or_error.is_error()) { description = description_or_error.release_value(); break; |