svn commit: r280410 - head/sys/kern
Bryan Drewery
bdrewery at FreeBSD.org
Tue Mar 24 02:25:20 UTC 2015
On 3/23/15 9:17 PM, Rui Paulo wrote:
> Author: rpaulo
> Date: Tue Mar 24 02:17:17 2015
> New Revision: 280410
> URL: https://svnweb.freebsd.org/changeset/base/280410
>
> Log:
> Disable coredump_devctl because it could lead to leaking paths to
> jails.
>
> Modified:
> head/sys/kern/kern_sig.c
>
> Modified: head/sys/kern/kern_sig.c
> ==============================================================================
> --- head/sys/kern/kern_sig.c Tue Mar 24 01:32:46 2015 (r280409)
> +++ head/sys/kern/kern_sig.c Tue Mar 24 02:17:17 2015 (r280410)
> @@ -180,7 +180,7 @@ static int set_core_nodump_flag = 0;
> SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, &set_core_nodump_flag,
> 0, "Enable setting the NODUMP flag on coredump files");
>
> -static int coredump_devctl = 1;
> +static int coredump_devctl = 0;
> SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, &coredump_devctl,
> 0, "Generate a devctl notification when processes coredump");
>
>
If there is a security concern about this feature I think more needs to
be done than just flipping the default. It could easily be forgotten
about and make a release.
--
Regards,
Bryan Drewery
More information about the svn-src-all
mailing list