svn commit: r335690 - head/sys/kern

Warner Losh imp at bsdimp.com
Wed Jun 27 13:46:30 UTC 2018 

On Wed, Jun 27, 2018 at 7:44 AM, Shawn Webb <shawn.webb at hardenedbsd.org>
wrote:

> On Wed, Jun 27, 2018 at 07:42:52AM -0600, Warner Losh wrote:
> > On Wed, Jun 27, 2018 at 12:59 AM, Oliver Pinter <
> > oliver.pinter at hardenedbsd.org> wrote:
> >
> > >
> > >
> > > On Wednesday, June 27, 2018, Warner Losh <imp at freebsd.org> wrote:
> > >
> > >> Author: imp
> > >> Date: Wed Jun 27 04:11:09 2018
> > >> New Revision: 335690
> > >> URL: https://svnweb.freebsd.org/changeset/base/335690
> > >>
> > >> Log:
> > >>   Fix devctl generation for core files.
> > >>
> > >>   We have a problem with vn_fullpath_global when the file exists. Work
> > >>   around it by printing the full path if the core file name starts
> with /,
> > >>   or current working directory followed by the filename if not.
> > >>
> > >>   Sponsored by: Netflix
> > >>   Differential Review: https://reviews.freebsd.org/D16026
> > >>
> > >> Modified:
> > >>   head/sys/kern/kern_sig.c
> > >>
> > >> Modified: head/sys/kern/kern_sig.c
> > >> ============================================================
> > >> ==================
> > >> --- head/sys/kern/kern_sig.c    Wed Jun 27 04:10:48 2018
> (r335689)
> > >> +++ head/sys/kern/kern_sig.c    Wed Jun 27 04:11:09 2018
> (r335690)
> > >> @@ -3431,24 +3431,6 @@ out:
> > >>         return (0);
> > >>  }
> > >>
> > >> -static int
> > >> -coredump_sanitise_path(const char *path)
> > >> -{
> > >> -       size_t i;
> > >> -
> > >> -       /*
> > >> -        * Only send a subset of ASCII to devd(8) because it
> > >> -        * might pass these strings to sh -c.
> > >> -        */
> > >> -       for (i = 0; path[i]; i++)
> > >> -               if (!(isalpha(path[i]) || isdigit(path[i])) &&
> > >> -                   path[i] != '/' && path[i] != '.' &&
> > >> -                   path[i] != '-')
> > >> -                       return (0);
> > >
> > >
> > > This part of code existed to prevent shell code injection via file
> names.
> > > After this commit we lose this.
> > >
> >
> > It's devd's job to prevent that, not the kernel's.
>
> Has devd been updated? Or is this particular vulnerability manifest
> again?
>

devd is fine as far as I know, apart from the default action. I'm fixing
that now.

Warner

More information about the svn-src-all mailing list