Date: Wed, 27 Jun 2018 07:45:16 -0600 From: Warner Losh <imp@bsdimp.com> To: Oliver Pinter <oliver.pinter@hardenedbsd.org> Cc: Warner Losh <imp@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r335690 - head/sys/kern Message-ID: <CANCZdfruYzZ4JZGKSkFv2OuHPY3S9YzGANSRPSZmkV-FyeZUpA@mail.gmail.com> In-Reply-To: <CANCZdfoj8te2JOiLQPT4PWGYaGtsXVu-h=4v2G353zQ7Q_3O_Q@mail.gmail.com> References: <201806270411.w5R4B9ZB078994@repo.freebsd.org> <CAPQ4fftmp=51uCDL-p4deQwZ90c9op0GymWex45S%2BbW2HO-PRg@mail.gmail.com> <CANCZdfoj8te2JOiLQPT4PWGYaGtsXVu-h=4v2G353zQ7Q_3O_Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 27, 2018 at 7:42 AM, Warner Losh <imp@bsdimp.com> wrote: > > > On Wed, Jun 27, 2018 at 12:59 AM, Oliver Pinter < > oliver.pinter@hardenedbsd.org> wrote: > >> >> >> On Wednesday, June 27, 2018, Warner Losh <imp@freebsd.org> wrote: >> >>> Author: imp >>> Date: Wed Jun 27 04:11:09 2018 >>> New Revision: 335690 >>> URL: https://svnweb.freebsd.org/changeset/base/335690 >>> >>> Log: >>> Fix devctl generation for core files. >>> >>> We have a problem with vn_fullpath_global when the file exists. Work >>> around it by printing the full path if the core file name starts with >>> /, >>> or current working directory followed by the filename if not. >>> >>> Sponsored by: Netflix >>> Differential Review: https://reviews.freebsd.org/D16026 >>> >>> Modified: >>> head/sys/kern/kern_sig.c >>> >>> Modified: head/sys/kern/kern_sig.c >>> ============================================================ >>> ================== >>> --- head/sys/kern/kern_sig.c Wed Jun 27 04:10:48 2018 (r335689) >>> +++ head/sys/kern/kern_sig.c Wed Jun 27 04:11:09 2018 (r335690) >>> @@ -3431,24 +3431,6 @@ out: >>> return (0); >>> } >>> >>> -static int >>> -coredump_sanitise_path(const char *path) >>> -{ >>> - size_t i; >>> - >>> - /* >>> - * Only send a subset of ASCII to devd(8) because it >>> - * might pass these strings to sh -c. >>> - */ >>> - for (i = 0; path[i]; i++) >>> - if (!(isalpha(path[i]) || isdigit(path[i])) && >>> - path[i] != '/' && path[i] != '.' && >>> - path[i] != '-') >>> - return (0); >> >> >> This part of code existed to prevent shell code injection via file names. >> After this commit we lose this. >> > > It's devd's job to prevent that, not the kernel's. > Though the default action doesn't at the moment... I'll fix that with proper quoting. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfruYzZ4JZGKSkFv2OuHPY3S9YzGANSRPSZmkV-FyeZUpA>