coredumps disallowed when creds are changed?

Ravi Pokala rpokala at freebsd.org
Mon Oct 8 22:48:49 UTC 2018


-----Original Message-----
From: Eugene Grosbein <eugen at grosbein.net>
Date: 2018-10-08, Monday at 15:33
To: Ravi Pokala <rpokala at freebsd.org>, "freebsd-hackers at freebsd.org" <freebsd-hackers at freebsd.org>
Subject: Re: coredumps disallowed when creds are changed?

> 09.10.2018 4:31, Ravi Pokala wrote:
> 
>> Greetings hackers.
>> 
>> core(5) states:
>> 
>>> By default, a process that changes user or group credentials
>>> whether real or effective will not create a corefile.
>>> This behaviour can be changed to generate a core dump by setting the sysctl(8) variable kern.sugid_coredump to 1.
>> 
>> Can someone explain why?
> 
> Real/effective user/group ids are often changed for a process started
> by a non-privileged user running a set[ug]id binary like csh/chpass/passwd(1)
> that can read sensitive system data similar to /etc/master.passwd
> containing password hashes. If such a utility reads sensitive data
> and then crashes due to a bug, its coredump may leak data to unexpected places
> of the file system like the /home partition, then go to a dump/backup of the file system,
> get uploaded offsite as part of a backup etc. That should not happen by default.

That makes perfect sense. Thanks Eugene!

-Ravi (rpokala@)
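
Added example (not part of the original thread and not FreeBSD project code): a small sh check that reads sysctl(8) output and reports whether set[ug]id core files could end up in a process's working directory, the leak path Eugene describes. It assumes the FreeBSD sysctls kern.coredump and kern.corefile, which the thread does not mention; the function name, verdict words and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads "name: value" lines as printed by sysctl(8), e.g.
#   sysctl kern.coredump kern.sugid_coredump kern.corefile | audit_core_policy
# and prints one verdict line: OK, REVIEW, RISK or UNKNOWN.
# audit_core_policy and the verdict words are hypothetical names.
audit_core_policy() {
    coredump="" sugid="" corefile=""
    while IFS= read -r line || [ -n "$line" ]; do
        name=${line%%:*}
        value=${line#*: }
        case $name in
            kern.coredump)       coredump=$value ;;
            kern.sugid_coredump) sugid=$value ;;
            kern.corefile)       corefile=$value ;;
        esac
    done
    if [ -z "$sugid" ] || [ -z "$corefile" ]; then
        echo "UNKNOWN: kern.sugid_coredump or kern.corefile not in input"
    elif [ "$coredump" = 0 ]; then
        echo "OK: core dumps are disabled for all processes"
    elif [ "$sugid" != 1 ]; then
        echo "OK: processes that changed credentials do not dump core"
    else
        case $corefile in
            /*) # Absolute pattern: cores are collected in one known place.
                echo "REVIEW: set[ug]id cores go to ${corefile%/*}/; check its permissions and whether backups include it" ;;
            *)  # Relative pattern: the core lands in the working directory,
                # the /home-then-backup leak described in the thread.
                echo "RISK: set[ug]id cores are written to the working directory as $corefile" ;;
        esac
    fi
}

# Constructed sample input: sugid dumps enabled, pattern still relative.
audit_core_policy <<'EOF'
kern.coredump: 1
kern.sugid_coredump: 1
kern.corefile: %N.core
EOF
```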



