From: Cy Schubert
To: Eugene Grosbein
cc: rgrimes@freebsd.org, Warner Losh, Eitan Adler, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r334543 - head/usr.bin/top
Date: Sun, 03 Jun 2018 22:07:52 -0700
Message-Id: <201806040507.w5457q5v007218@slippy.cwsent.com>
In-Reply-To: Message from Eugene Grosbein of "Mon, 04 Jun 2018 11:55:39 +0700." <5B14C64B.2070602@grosbein.net>
List-Id: SVN commit messages for the src tree for head/-current

In message <5B14C64B.2070602@grosbein.net>, Eugene Grosbein writes:
> 04.06.2018 4:33, Rodney W. Grimes wrote:
>
> >>>> Bad side effect of doing that is it is not hard to get a "core"
> >>>> from top when run as a user, as it is going to try to write
> >>>> to /, and it probably does not have permission for that.
>
> We already have global sysctl kern.corefile that can be changed to /var/tmp/%N.core
>
> Perhaps, a kernel could take a look to process environment to something like
> KERN_COREFILE variable for an override of that sysctl?
>

Only if the file doesn't exist and the lowest level directory is writable by UID. Even then if any directory within the path is not searchable by UID it should be disallowed. Otherwise it would be a CVE.

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
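
The three conditions listed in the reply above (file absent, lowest-level directory writable by the UID, every directory in the path searchable by the UID), written out as an added userland illustration; it is not part of the original message and not FreeBSD code. The names `core_path_allowed` and `has_perm` are hypothetical, and the sketch assumes plain owner/group/other mode bits and additionally refuses symlinked directory components.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Mode-bit check for one credential; want is in "other" bit positions
 * (01 search, 02 write). Assumed: no ACLs, extra groups or root bypass. */
static int has_perm(const struct stat *st, uid_t uid, gid_t gid, mode_t want)
{
    mode_t m = st->st_mode;
    if (st->st_uid == uid) m >>= 6;
    else if (st->st_gid == gid) m >>= 3;
    return (m & want) == want;
}

/* Hypothetical helper: 0 if uid/gid may get a core created at path, else -1. */
int core_path_allowed(const char *path, uid_t uid, gid_t gid)
{
    char buf[PATH_MAX], *last;
    struct stat st;
    size_t len = strlen(path);
    /* Must be absolute, fit the buffer, and end in a file name. */
    if (path[0] != '/' || len >= sizeof(buf) || path[len - 1] == '/') return -1;
    memcpy(buf, path, len + 1);
    last = strrchr(buf, '/');
    /* The file must not exist; lstat() so a symlink counts as existing. */
    if (lstat(buf, &st) == 0 || errno != ENOENT) return -1;
    /* Each directory prefix must be a real directory searchable by uid;
     * the lowest-level one (ending at 'last') must also be writable. */
    for (char *p = buf; p <= last; p++) {
        if (*p != '/') continue;
        *p = '\0';
        int r = lstat(p == buf ? "/" : buf, &st);
        *p = '/';
        if (r != 0 || !S_ISDIR(st.st_mode) ||
            !has_perm(&st, uid, gid, p == last ? 03 : 01))
            return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *p = argc > 1 ? argv[1] : "/var/tmp/example.core"; /* constructed */
    puts(core_path_allowed(p, getuid(), getgid()) == 0 ? "allow" : "deny");
    return EXIT_SUCCESS;
}
```

A check followed by a separate open is racy, so this only shows the policy; an enforcing implementation would evaluate it during the lookup with the dumping process's credentials and create the file exclusively.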