coredumps disallowed when creds are changed?
Eugene Grosbein
eugen at grosbein.net
Mon Oct 8 22:33:42 UTC 2018
09.10.2018 4:31, Ravi Pokala wrote:
> Greetings hackers.
>
> core(5) states:
>
>> By default, a process that changes user or group credentials
>> whether real or effective will not create a corefile.
>> This behaviour can be changed to generate a core dump by setting the sysctl(8) variable kern.sugid_coredump to 1.
>
> Can someone explain why?
Real/effective user/group id often are changed for a process started
by non-privilegied user running set[ug]id binary like csh/chpass/passwd(1)
that can read sensitive system data similar to /etc/master.passwd
containing password hashes. If such utility reads sensitive data
and then crashes due to a bug, its coredump may leak data to unexpected places
of file system like /home partition, then go to a dump/backup of file system,
get uploaded offsite as part of backup etc. That should not happen by default.
More information about the freebsd-hackers
mailing list