From ce61e2dd3564a97632ab64100320a56136fba610 Mon Sep 17 00:00:00 2001
From: christos <christos@NetBSD.org>
Date: Sat, 24 Sep 2011 22:53:50 +0000
Subject: [PATCH] Don't dump core on an existing core file we don't own. From
 OpenBSD, suggested by Greg Woods.

---
 sys/kern/kern_core.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/sys/kern/kern_core.c b/sys/kern/kern_core.c
index 50c8073faa7c..d88d280549a5 100644
--- a/sys/kern/kern_core.c
+++ b/sys/kern/kern_core.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_core.c,v 1.19 2011/09/23 00:03:29 christos Exp $	*/
+/*	$NetBSD: kern_core.c,v 1.20 2011/09/24 22:53:50 christos Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1991, 1993
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_core.c,v 1.19 2011/09/23 00:03:29 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_core.c,v 1.20 2011/09/24 22:53:50 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/vnode.h>
@@ -217,10 +217,16 @@ coredump(struct lwp *l, const char *pattern)
 	vp = nd.ni_vp;
 	pathbuf_destroy(pb);
 
-	/* Don't dump to non-regular files or files with links. */
+	/*
+	 * Don't dump to:
+	 * 	- non-regular files
+	 * 	- files with links
+	 * 	- files we don't own
+	 */
 	if (vp->v_type != VREG ||
-	    VOP_GETATTR(vp, &vattr, cred) || vattr.va_nlink != 1) {
-		error = EINVAL;
+	    VOP_GETATTR(vp, &vattr, cred) || vattr.va_nlink != 1 ||
+	    vattr.va_uid != kauth_cred_geteuid(cred)) {
+		error = EACCES;
 		goto out;
 	}
 	vattr_null(&vattr);