Re: svn commit: r280410 - head/sys/kern

Mon, 23 Mar 2015 19:48:07 -0700 

On 3/23/15 9:35 PM, Rui Paulo wrote:

On Mar 23, 2015, at 19:25, Bryan Drewery <bdrew...@freebsd.org> wrote:


On 3/23/15 9:17 PM, Rui Paulo wrote:

Author: rpaulo
Date: Tue Mar 24 02:17:17 2015
New Revision: 280410
URL: https://svnweb.freebsd.org/changeset/base/280410

Log:
   Disable coredump_devctl because it could lead to leaking paths to
   jails.

Modified:
   head/sys/kern/kern_sig.c

Modified: head/sys/kern/kern_sig.c
==============================================================================
--- head/sys/kern/kern_sig.c    Tue Mar 24 01:32:46 2015        (r280409)
+++ head/sys/kern/kern_sig.c    Tue Mar 24 02:17:17 2015        (r280410)
@@ -180,7 +180,7 @@ static int  set_core_nodump_flag = 0;
  SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, 
&set_core_nodump_flag,
        0, "Enable setting the NODUMP flag on coredump files");

-static int     coredump_devctl = 1;
+static int     coredump_devctl = 0;
  SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, &coredump_devctl,
        0, "Generate a devctl notification when processes coredump");




If there is a security concern about this feature I think more needs to be done 
than just flipping the default. It could easily be forgotten about and make a 
release.


Sure, but to be honest there are already sysctls that make your system insecure 
and we've been making releases with them for many years.

--
Rui Paulo



I just think the known issue should be documented at the least.

--
Regards,
Bryan Drewery
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"






















					Reply via email to