Date: Mon, 4 Jun 2018 12:26:06 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: rgrimes@freebsd.org, Warner Losh <imp@bsdimp.com>, Eitan Adler <eadler@freebsd.org>, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r334543 - head/usr.bin/top Message-ID: <5B14CD6E.9020003@grosbein.net> In-Reply-To: <201806040507.w5457q5v007218@slippy.cwsent.com> References: <201806040507.w5457q5v007218@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
04.06.2018 12:07, Cy Schubert wrote: > In message <5B14C64B.2070602@grosbein.net>, Eugene Grosbein writes: >>>>>> Bad side effect of doing that is it is not hard to get a "core" >>>>>> from top when run as a user, as it is going to try to write >>>>>> to /, and it probably does not have permission for that. >> >> We already have global sysctl kern.corefile that can be changed to /var/tmp/% >> N.core >> >> Perhaps, a kernel could take a look to process environment to something like >> KERN_COREFILE variable for an override of that sysctl? > > Only if the file doesn't exist and the lowest level directory is > writable by UID. Even then if any directory within the path is not > searchable by UID it should be disallowed. Otherwise it would be a CVE. AFAIK all security checks are in place already for sysctl kern.corefile having default value relative to current working directory of the process (user).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5B14CD6E.9020003>