Date: Mon, 23 Mar 2015 19:35:42 -0700
From: Rui Paulo <rpaulo@me.com>
To: Bryan Drewery <bdrewery@FreeBSD.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Rui Paulo <rpaulo@FreeBSD.org>
Subject: Re: svn commit: r280410 - head/sys/kern
Message-ID: <29715C14-0AC2-43A2-A718-E89AC3C57AC0@me.com>
In-Reply-To: <5510CB0E.5010208@FreeBSD.org>
References: <201503240217.t2O2HHgU052651@svn.freebsd.org> <5510CB0E.5010208@FreeBSD.org>
On Mar 23, 2015, at 19:25, Bryan Drewery <bdrewery@FreeBSD.org> wrote: >=20 > On 3/23/15 9:17 PM, Rui Paulo wrote: >> Author: rpaulo >> Date: Tue Mar 24 02:17:17 2015 >> New Revision: 280410 >> URL: https://svnweb.freebsd.org/changeset/base/280410 >>=20 >> Log: >> Disable coredump_devctl because it could lead to leaking paths to >> jails. >>=20 >> Modified: >> head/sys/kern/kern_sig.c >>=20 >> Modified: head/sys/kern/kern_sig.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/sys/kern/kern_sig.c Tue Mar 24 01:32:46 2015 = (r280409) >> +++ head/sys/kern/kern_sig.c Tue Mar 24 02:17:17 2015 = (r280410) >> @@ -180,7 +180,7 @@ static int set_core_nodump_flag =3D 0; >> SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, = &set_core_nodump_flag, >> 0, "Enable setting the NODUMP flag on coredump files"); >>=20 >> -static int coredump_devctl =3D 1; >> +static int coredump_devctl =3D 0; >> SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, = &coredump_devctl, >> 0, "Generate a devctl notification when processes coredump"); >>=20 >>=20 >=20 > If there is a security concern about this feature I think more needs = to be done than just flipping the default. It could easily be forgotten = about and make a release. Sure, but to be honest there are already sysctls that make your system = insecure and we've been making releases with them for many years. -- Rui Paulo
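Review bot: The initializer `coredump_devctl = 0` in the kern_sig.c hunk changes only the default, while the `SYSCTL_INT` below it stays `CTLFLAG_RW` and its description still reads "Generate a devctl notification when processes coredump", so nothing at the knob itself tells an administrator that turning it back on may leak paths to jails, which is the reason given in the log. Suggest adding a comment above the variable recording why the default is 0 and extending the sysctl description string with the same caveat, so the reason survives outside the commit log. If the feature is meant to come back enabled, the path disclosure itself needs a fix where the notification is generated, which this hunk does not touch.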