Coredumping design error
Eduardo Tongson
propolice at gmail.com
Fri Feb 15 17:58:29 PST 2008
Hello Simon,
In my opinion, checking for ownership is better. We are avoiding other
possible(?) bugs, e.g. allowing reading of files you don't own but that
reside in a directory you own. I also noticed that non-root users trying to
coredump onto other non-root users' pre-created dumps fail silently.
By the way, as seen in my patch, we wouldn't want to hard-code != 0
because DragonFly may implement a type enforcement system or
authorization framework.
Up to you guys. I might be missing something.
Cheers,
Ed
On Feb 16, 2008 4:03 AM, Simon 'corecode' Schubert
<corecode at fs.ei.tum.de> wrote:
> Eduardo Tongson wrote:
> >> su
> > Password:
> > syslog: Feb 16 09:40:56 su: user to root on /dev/ttyd0
> > # ./coredumper
> > Segmentation fault (core dumped)
> > syslog: Feb 16 09:41:14 kernel: pid 728 (coredumper), uid 0: exited
> > on signal 11 (core dumped)
> > # md5 coredumper.core
> > MD5 (coredumper.core) = 68e3e5fee874e688c795537721a6b511
> > # ls -la coredumper.core
> > -rw------- 1 user user 1003520 Feb 16 09:41 coredumper.core
> > #
> >
> > I was not able to test the below patch. Trivial enough to fix if broken.
> >
> > --- kern_sig.c 2008-02-14 13:41:12.000000000 +0800
> > +++ kern_sig-20080216.c 2008-02-16 01:15:01.000000000 +0800
> > @@ -2066,6 +2066,12 @@ coredump(struct lwp *lp, int sig)
> > goto out1;
> > }
> >
> > + /* Don't dump to files current user does not own */
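Review bot: The comment on the added line says "current user" without naming the credential the check compares. In the transcript above the dumping process runs as uid 0 and the existing coredumper.core is owned by user, so the comment should state whether the file owner is compared against the real or the effective uid of the faulting process. It should also say what happens when the check fails (dump skipped, error returned or logged), because the hunk header announces six added lines and only this comment is visible in the quote.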
>
> Shouldn't we rather remove the file and recreate a new file (which then
> will be owned by root)?
>
> cheers
> simon
>
>