Date: Mon, 23 Mar 2015 19:15:11 -0700 From: Rui Paulo <rpaulo@me.com> To: Mateusz Guzik <mjguzik@gmail.com> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Rui Paulo <rpaulo@FreeBSD.org> Subject: Re: svn commit: r278479 - in head: etc sys/kern Message-ID: <7FC385F3-9E5E-444D-BA2C-4364E2D46656@me.com> In-Reply-To: <20150323010836.GC6798@dft-labs.eu> References: <201502092313.t19NDpoS083043@svn.freebsd.org> <20150323010836.GC6798@dft-labs.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 22, 2015, at 18:08, Mateusz Guzik <mjguzik@gmail.com> wrote: >=20 > On Mon, Feb 09, 2015 at 11:13:51PM +0000, Rui Paulo wrote: >> Author: rpaulo >> Date: Mon Feb 9 23:13:50 2015 >> New Revision: 278479 >> URL: https://svnweb.freebsd.org/changeset/base/278479 >>=20 >> Log: >> Notify devd(8) when a process crashed. >>=20 >> This change implements a notification (via devctl) to userland when >> the kernel produces coredumps after a process has crashed. >> devd can then run a specific command to produce a human readable = crash >> report. The command is most usually a helper that runs gdb/lldb >> commands on the file/coredump pair. It's possible to use this >> functionality for implementing automatic generation of crash = reports. >>=20 >> devd(8) will be notified of the full path of the binary that crashed = and >> the full path of the coredump file. >>=20 >=20 > The more I look at this the more I'm convinced this is quite insecure. >=20 > At a minimum this should also grow a flag to decide whether = notification > about jailed process crashes are allowed. Off by default. >=20 > As it is you pass a path leading to a jail, but that's inherently > untrusted and will lead to trouble. We got sidetracked by the devd-bloat discussion, but I can turn this off = until a better approach is programmed.=20 -- Rui Paulo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7FC385F3-9E5E-444D-BA2C-4364E2D46656>