DragonFly bugs List (threaded) for 2008-02
DragonFly BSD
DragonFly bugs List (threaded) for 2008-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Coredumping design error


From: "Eduardo Tongson" <propolice@xxxxxxxxx>
Date: Sat, 16 Feb 2008 09:55:18 +0800

Hello Simon,

In my opinion checking for ownership is better. We are avoiding other
possible(?) bugs e.g. allowing to read files you don't own but resides
on a directory you own. I also noticed that non-root users trying to
coredump on other non-root users pre-created dumps fail silently.

By the way as seen in my patch, we wouldn't want to hard code != 0
because DragonFly may implement a type enforcement system or
authorization framework.

Up to you guys. I might be missing something.

Cheers,
   Ed


On Feb 16, 2008 4:03 AM, Simon 'corecode' Schubert
<corecode@fs.ei.tum.de> wrote:
> Eduardo Tongson wrote:
> >> su
> > Password:
> > syslog: Feb 16 09:40:56  su: user to root on /dev/ttyd0
> > # ./coredumper
> > Segmentation fault (core dumped)
> > syslog: Feb 16 09:41:14  kernel: pid 728 (coredumper), uid 0: exited
> > on signal 11 (core dumped)
> > # md5 coredumper.core
> > MD5 (coredumper.core) = 68e3e5fee874e688c795537721a6b511
> > # ls -la coredumper.core
> > -rw-------  1 user  user  1003520 Feb 16 09:41 coredumper.core
> > #
> >
> > I was not able to test the below patch. Trivial enough to fix if broken.
> >
> > --- kern_sig.c        2008-02-14 13:41:12.000000000 +0800
> > +++ kern_sig-20080216.c       2008-02-16 01:15:01.000000000 +0800
> > @@ -2066,6 +2066,12 @@ coredump(struct lwp *lp, int sig)
> >               goto out1;
> >       }
> >
> > +        /* Don't dump to files current user does not own */
>
> Shouldn't we rather remove the file and recreate a new file (which then
> will be owned by root)?
>
> cheers
>   simon
>
>



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]