On Mar 23, 2015, at 19:25, Bryan Drewery <bdrew...@freebsd.org> wrote: > > On 3/23/15 9:17 PM, Rui Paulo wrote: >> Author: rpaulo >> Date: Tue Mar 24 02:17:17 2015 >> New Revision: 280410 >> URL: https://svnweb.freebsd.org/changeset/base/280410 >> >> Log: >> Disable coredump_devctl because it could lead to leaking paths to >> jails. >> >> Modified: >> head/sys/kern/kern_sig.c >> >> Modified: head/sys/kern/kern_sig.c >> ============================================================================== >> --- head/sys/kern/kern_sig.c Tue Mar 24 01:32:46 2015 (r280409) >> +++ head/sys/kern/kern_sig.c Tue Mar 24 02:17:17 2015 (r280410) >> @@ -180,7 +180,7 @@ static int set_core_nodump_flag = 0; >> SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, >> &set_core_nodump_flag, >> 0, "Enable setting the NODUMP flag on coredump files"); >> >> -static int coredump_devctl = 1; >> +static int coredump_devctl = 0; >> SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, &coredump_devctl, >> 0, "Generate a devctl notification when processes coredump"); >> >> > > If there is a security concern about this feature I think more needs to be > done than just flipping the default. It could easily be forgotten about and > make a release.
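Review bot: Changing the initializer to `static int coredump_devctl = 0;` only changes the default. The `SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, ...)` declaration directly below it is still `CTLFLAG_RW`, so setting kern.coredump_devctl back to 1 at runtime restores the behaviour that the log message says can leak paths to jails. Nothing in the hunk records why the default is now 0: the description string still reads "Generate a devctl notification when processes coredump". Suggest adding a comment above the variable, or a note in the description string, that states the jail path concern, and following up with a fix in the notification code itself so that the knob is safe to enable.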
Sure, but to be honest there are already sysctls that make your system insecure and we've been making releases with them for many years. -- Rui Paulo