Date:      Mon, 23 Mar 2015 19:35:42 -0700
From:      Rui Paulo <rpaulo@me.com>
To:        Bryan Drewery <bdrewery@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Rui Paulo <rpaulo@FreeBSD.org>
Subject:   Re: svn commit: r280410 - head/sys/kern
Message-ID:  <29715C14-0AC2-43A2-A718-E89AC3C57AC0@me.com>
In-Reply-To: <5510CB0E.5010208@FreeBSD.org>
References:  <201503240217.t2O2HHgU052651@svn.freebsd.org> <5510CB0E.5010208@FreeBSD.org>

On Mar 23, 2015, at 19:25, Bryan Drewery <bdrewery@FreeBSD.org> wrote:
>
> On 3/23/15 9:17 PM, Rui Paulo wrote:
>> Author: rpaulo
>> Date: Tue Mar 24 02:17:17 2015
>> New Revision: 280410
>> URL: https://svnweb.freebsd.org/changeset/base/280410
>>
>> Log:
>>   Disable coredump_devctl because it could lead to leaking paths to
>>   jails.
>>
>> Modified:
>>   head/sys/kern/kern_sig.c
>>
>> Modified: head/sys/kern/kern_sig.c
>> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
>> --- head/sys/kern/kern_sig.c	Tue Mar 24 01:32:46 2015	=
(r280409)
>> +++ head/sys/kern/kern_sig.c	Tue Mar 24 02:17:17 2015	=
(r280410)
>> @@ -180,7 +180,7 @@ static int	set_core_nodump_flag =3D 0;
>>  SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, =
&set_core_nodump_flag,
>>  	0, "Enable setting the NODUMP flag on coredump files");
>>=20
>> -static int	coredump_devctl =3D 1;
>> +static int	coredump_devctl =3D 0;
>>  SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, =
&coredump_devctl,
>>  	0, "Generate a devctl notification when processes coredump");
>>=20
>>=20
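
Review bot: The new default on the coredump_devctl line is set without recording the reason at the declaration. The SYSCTL_INT below it stays CTLFLAG_RW and its description still reads only "Generate a devctl notification when processes coredump", so anyone setting the knob back to 1 gets no hint of the path-leak concern named in the commit log. Suggest a comment above the variable stating why it defaults to 0, and a note in the description string or a follow-up that addresses the leak itself, since this hunk only changes the default.
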
>
> If there is a security concern about this feature I think more needs to be done than just flipping the default. It could easily be forgotten about and make a release.

Sure, but to be honest there are already sysctls that make your system insecure and we've been making releases with them for many years.

--
Rui Paulo





