From owner-svn-src-all@FreeBSD.ORG Tue Mar 24 02:15:33 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A0D90692; Tue, 24 Mar 2015 02:15:33 +0000 (UTC) Received: from st11p02mm-asmtp002.mac.com (st11p02mm-asmtp002.mac.com [17.172.220.237]) (using TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 72BE4250; Tue, 24 Mar 2015 02:15:33 +0000 (UTC) Received: from fukuyama.hsd1.ca.comcast.net (unknown [73.162.13.215]) by st11p02mm-asmtp002.mac.com (Oracle Communications Messaging Server 7.0.5.35.0 64bit (built Dec 4 2014)) with ESMTPSA id <0NLP00HPQ29B9H00@st11p02mm-asmtp002.mac.com>; Tue, 24 Mar 2015 02:15:14 +0000 (GMT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.13.68,1.0.33,0.0.0000 definitions=2015-03-23_05:2015-03-23,2015-03-23,1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1412110000 definitions=main-1503240021 Content-type: text/plain; charset=us-ascii MIME-version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) Subject: Re: svn commit: r278479 - in head: etc sys/kern From: Rui Paulo In-reply-to: <20150323010836.GC6798@dft-labs.eu> Date: Mon, 23 Mar 2015 19:15:11 -0700 Content-transfer-encoding: quoted-printable Message-id: <7FC385F3-9E5E-444D-BA2C-4364E2D46656@me.com> References: <201502092313.t19NDpoS083043@svn.freebsd.org> <20150323010836.GC6798@dft-labs.eu> To: Mateusz Guzik X-Mailer: Apple Mail (2.2070.6) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Rui Paulo X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Mar 2015 02:15:33 -0000 On Mar 22, 2015, at 18:08, Mateusz Guzik wrote: >=20 > On Mon, Feb 09, 2015 at 11:13:51PM +0000, Rui Paulo wrote: >> Author: rpaulo >> Date: Mon Feb 9 23:13:50 2015 >> New Revision: 278479 >> URL: https://svnweb.freebsd.org/changeset/base/278479 >>=20 >> Log: >> Notify devd(8) when a process crashed. >>=20 >> This change implements a notification (via devctl) to userland when >> the kernel produces coredumps after a process has crashed. >> devd can then run a specific command to produce a human readable = crash >> report. The command is most usually a helper that runs gdb/lldb >> commands on the file/coredump pair. It's possible to use this >> functionality for implementing automatic generation of crash = reports. >>=20 >> devd(8) will be notified of the full path of the binary that crashed = and >> the full path of the coredump file. >>=20 >=20 > The more I look at this the more I'm convinced this is quite insecure. >=20 > At a minimum this should also grow a flag to decide whether = notification > about jailed process crashes are allowed. Off by default. >=20 > As it is you pass a path leading to a jail, but that's inherently > untrusted and will lead to trouble. We got sidetracked by the devd-bloat discussion, but I can turn this off = until a better approach is programmed.=20 -- Rui Paulo