Date: Mon, 23 Mar 2015 21:25:18 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Rui Paulo <rpaulo@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r280410 - head/sys/kern Message-ID: <5510CB0E.5010208@FreeBSD.org> In-Reply-To: <201503240217.t2O2HHgU052651@svn.freebsd.org> References: <201503240217.t2O2HHgU052651@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/23/15 9:17 PM, Rui Paulo wrote: > Author: rpaulo > Date: Tue Mar 24 02:17:17 2015 > New Revision: 280410 > URL: https://svnweb.freebsd.org/changeset/base/280410 > > Log: > Disable coredump_devctl because it could lead to leaking paths to > jails. > > Modified: > head/sys/kern/kern_sig.c > > Modified: head/sys/kern/kern_sig.c > ============================================================================== > --- head/sys/kern/kern_sig.c Tue Mar 24 01:32:46 2015 (r280409) > +++ head/sys/kern/kern_sig.c Tue Mar 24 02:17:17 2015 (r280410) > @@ -180,7 +180,7 @@ static int set_core_nodump_flag = 0; > SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, &set_core_nodump_flag, > 0, "Enable setting the NODUMP flag on coredump files"); > > -static int coredump_devctl = 1; > +static int coredump_devctl = 0; > SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, &coredump_devctl, > 0, "Generate a devctl notification when processes coredump"); > > If there is a security concern about this feature I think more needs to be done than just flipping the default. It could easily be forgotten about and make a release. -- Regards, Bryan Drewery
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5510CB0E.5010208>