svn commit: r280410 - head/sys/kern

Rui Paulo rpaulo at me.com
Tue Mar 24 02:35:47 UTC 2015


On Mar 23, 2015, at 19:25, Bryan Drewery <bdrewery at FreeBSD.org> wrote:
> 
> On 3/23/15 9:17 PM, Rui Paulo wrote:
>> Author: rpaulo
>> Date: Tue Mar 24 02:17:17 2015
>> New Revision: 280410
>> URL: https://svnweb.freebsd.org/changeset/base/280410
>> 
>> Log:
>>   Disable coredump_devctl because it could lead to leaking paths to
>>   jails.
>> 
>> Modified:
>>   head/sys/kern/kern_sig.c
>> 
>> Modified: head/sys/kern/kern_sig.c
>> ==============================================================================
>> --- head/sys/kern/kern_sig.c	Tue Mar 24 01:32:46 2015	(r280409)
>> +++ head/sys/kern/kern_sig.c	Tue Mar 24 02:17:17 2015	(r280410)
>> @@ -180,7 +180,7 @@ static int	set_core_nodump_flag = 0;
>>  SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, &set_core_nodump_flag,
>>  	0, "Enable setting the NODUMP flag on coredump files");
>> 
>> -static int	coredump_devctl = 1;
>> +static int	coredump_devctl = 0;
>>  SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, &coredump_devctl,
>>  	0, "Generate a devctl notification when processes coredump");
>> 
>> 
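Review bot: the changed initializer `static int	coredump_devctl = 0;` carries no comment explaining why the notification is now off by default, and the description string in the `SYSCTL_INT` just below it still reads only "Generate a devctl notification when processes coredump". Because the knob stays `CTLFLAG_RW`, an administrator can set `kern.coredump_devctl=1` again with nothing at the declaration or in the sysctl description pointing to the jail path leak named in the log message. Suggest a short comment above the declaration stating the reason for the default, and a hint in the description string that enabling it can leak paths to jails.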
> 
> If there is a security concern about this feature I think more needs to be done than just flipping the default. It could easily be forgotten about and make a release.

Sure, but to be honest there are already sysctls that make your system insecure and we've been making releases with them for many years.

--
Rui Paulo




