Re: do_coredump and O_NOFOLLOW
On Wed, Aug 15, 2007 at 01:36:54PM +0800, gshan wrote: > I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. > This means the core file couldn't be a symbolic link. However, I want to > use symbolic link for core file I would recommend that you use # sysctl -w kernel.core_pattern=/tmp/core.%e.%p instead. See Documentation/sysctl/kernel.txt for details. -andy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: do_coredump and O_NOFOLLOW
On Wed, 15 Aug 2007 16:03:39 +0800, gshan said: > Bernd, Thanks for your reply. I don't think there are any hostile users > on the system. So it's relatively of security. I didn't hear of coreadm > tool before, Linux will become more powerful with coreadm. Well, *right now* you don't have hostile users. However, that can change, if a user's password gets compromised (often because they left it on a stick-it note on the monitor), or if somebody is running Firefox and accidentally hits a malicious site that exploits a Firefox bug, or if one of your company's employees didn't get the raise they wanted, so they're quitting and planning to kill the system on their way out the door pgpEqTSyivB3d.pgp Description: PGP signature
Re: do_coredump and O_NOFOLLOW
Bernd Eckenfels wrote: In article <[EMAIL PROTECTED]> you wrote: I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. I think that is for security reasons, otherwise one has to (atomically) check who is the owner of the symlink and where it points to. If you dont have hostile users on your system you might be able to remove it, but it is not a good idea in the general public. Maybe we need a coreadm tool like Solaris has, where you can put the corefiles where you want. That would change the corepattern to include a path and be specific to a process (tree). Gruss Bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ Bernd, Thanks for your reply. I don't think there are any hostile users on the system. So it's relatively of security. I didn't hear of coreadm tool before, Linux will become more powerful with coreadm. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: do_coredump and O_NOFOLLOW
In article <[EMAIL PROTECTED]> you wrote: > I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. I think that is for security reasons, otherwise one has to (atomically) check who is the owner of the symlink and where it points to. If you dont have hostile users on your system you might be able to remove it, but it is not a good idea in the general public. Maybe we need a coreadm tool like Solaris has, where you can put the corefiles where you want. That would change the corepattern to include a path and be specific to a process (tree). Gruss Bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: do_coredump and O_NOFOLLOW
In article [EMAIL PROTECTED] you wrote: I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. I think that is for security reasons, otherwise one has to (atomically) check who is the owner of the symlink and where it points to. If you dont have hostile users on your system you might be able to remove it, but it is not a good idea in the general public. Maybe we need a coreadm tool like Solaris has, where you can put the corefiles where you want. That would change the corepattern to include a path and be specific to a process (tree). Gruss Bernd - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: do_coredump and O_NOFOLLOW
Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. I think that is for security reasons, otherwise one has to (atomically) check who is the owner of the symlink and where it points to. If you dont have hostile users on your system you might be able to remove it, but it is not a good idea in the general public. Maybe we need a coreadm tool like Solaris has, where you can put the corefiles where you want. That would change the corepattern to include a path and be specific to a process (tree). Gruss Bernd - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ Bernd, Thanks for your reply. I don't think there are any hostile users on the system. So it's relatively of security. I didn't hear of coreadm tool before, Linux will become more powerful with coreadm. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: do_coredump and O_NOFOLLOW
On Wed, 15 Aug 2007 16:03:39 +0800, gshan said: Bernd, Thanks for your reply. I don't think there are any hostile users on the system. So it's relatively of security. I didn't hear of coreadm tool before, Linux will become more powerful with coreadm. Well, *right now* you don't have hostile users. However, that can change, if a user's password gets compromised (often because they left it on a stick-it note on the monitor), or if somebody is running Firefox and accidentally hits a malicious site that exploits a Firefox bug, or if one of your company's employees didn't get the raise they wanted, so they're quitting and planning to kill the system on their way out the door pgpEqTSyivB3d.pgp Description: PGP signature
Re: do_coredump and O_NOFOLLOW
On Wed, Aug 15, 2007 at 01:36:54PM +0800, gshan wrote: I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. This means the core file couldn't be a symbolic link. However, I want to use symbolic link for core file I would recommend that you use # sysctl -w kernel.core_pattern=/tmp/core.%e.%p instead. See Documentation/sysctl/kernel.txt for details. -andy - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
do_coredump and O_NOFOLLOW
Hi All, I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. This means the core file couldn't be a symbolic link. However, I want to use symbolic link for core file, So I plan to remove O_NOFOLLOW as follows, but I'm not sure there are any impacts introduced by the change? file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE, 0600); TO file = filp_open(corename, O_CREAT | 2 /*| O_NOFOLLOW*/ | O_LARGEFILE, 0600); Thanks, Gavin - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
do_coredump and O_NOFOLLOW
Hi All, I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. This means the core file couldn't be a symbolic link. However, I want to use symbolic link for core file, So I plan to remove O_NOFOLLOW as follows, but I'm not sure there are any impacts introduced by the change? file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE, 0600); TO file = filp_open(corename, O_CREAT | 2 /*| O_NOFOLLOW*/ | O_LARGEFILE, 0600); Thanks, Gavin - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/