svn commit: r278494 - head/sys/kern
Ian Lepore
ian at freebsd.org
Tue Feb 10 06:02:38 UTC 2015
On Mon, 2015-02-09 at 20:46 -0800, Rui Paulo wrote:
> On Feb 9, 2015, at 20:34, Rui Paulo <rpaulo at FreeBSD.org> wrote:
> >
> > Author: rpaulo
> > Date: Tue Feb 10 04:34:39 2015
> > New Revision: 278494
> > URL: https://svnweb.freebsd.org/changeset/base/278494
> >
> > Log:
> > Sanitise the coredump file names sent to devd.
> >
> > While there, add a sysctl to turn this feature off as requested by
> > kib at .
>
> I wanted to get the sanitiser code in ASAP, but, as suggested by stas@ offline, we think devd should also provide an action mode that runs a command outside sh(1) and without using $PATH.
>
> --
> Rui Paulo
>
>
>
>
>
Or... we could consider restoring devd to its original relatively benign
existance handling device-related events, and move handling of crash
dumps into a separate daemon which can shoulder the burden of security
for itself.
At $work we listen to the devd re-distribute port to handle device
events in our apps, and having an ever-growing flood of stuff that's got
nothing to do with devices is going to have a negative impact on
applications that do such things.
-- Ian
More information about the svn-src-head
mailing list