04.06.2018 12:07, Cy Schubert wrote: > In message <5b14c64b.2070...@grosbein.net>, Eugene Grosbein writes:
>>>>>> Bad side effect of doing that is it is not hard to get a "core" >>>>>> from top when run as a user, as it is going to try to write >>>>>> to /, and it probably does not have permission for that. >> >> We already have global sysctl kern.corefile that can be changed to /var/tmp/% >> N.core >> >> Perhaps, a kernel could take a look to process environment to something like >> KERN_COREFILE variable for an override of that sysctl? > > Only if the file doesn't exist and the lowest level directory is > writable by UID. Even then if any directory within the path is not > searchable by UID it should be disallowed. Otherwise it would be a CVE. AFAIK all security checks are in place already for sysctl kern.corefile having default value relative to current working directory of the process (user). _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
