The issue described in the article was fixed by requiring an absolute
path in core_pattern (if I understand it correctly).

If core_pattern is unsafe, the process is not dumped at all (man 5 proc).

The kernel commit adds a warning, because the kernel was silently ignoring
crashes and no one could notice.


Regards,
Jakub

On 02/12/2016 07:32 PM, Richard W.M. Jones wrote:
> On Fri, Feb 12, 2016 at 07:24:06AM -0500, Jakub Filak wrote:
>> The default value 0 is there for good security reason, but I would
>> like to propose changing the default value to 2 for development
>> Fedora releases (Alpha, Beta, Rawhide). In this case, the kernel would
>> send core dump to ABRT (or systemd-coredump) and the ABRT record
>> would be accessible only to root.
> It seems like this would be unsafe if core_pattern is not a pipe or
> fully qualified path.
>
>    Ref: https://lwn.net/Articles/503682/
>
> That's fine when ABRT is running, but would be unsafe if someone
> disabled ABRT by directly setting core_pattern (e.g. to "core.%p"), but
> forgot about suid_dumpable.
>
> The kernel does emit KERN_WARNING about this situation (upstream
> commit 54b501992dd2), but it's not clear if a sysadmin would notice.
>
> (I'm actually quite happy for the default to be changed as you
> suggest, but can see it's a bit of a minefield.)
>
> Rich.
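
An added example, not part of the original thread: a shell check for the combination discussed above, where suid_dumpable is 2 but core_pattern is neither a pipe nor an absolute path. The function name, its result strings and the sample patterns are assumptions made for this illustration.

```shell
#!/bin/sh
# Classify a suid_dumpable / core_pattern pair (illustrative helper, hypothetical name).
# Prints one of:
#   not-suidsafe-mode  suid_dumpable is not 2, so the pipe/absolute-path rule does not apply
#   ok                 suid_dumpable is 2 and core_pattern is a pipe or an absolute path
#   relative-pattern   suid_dumpable is 2 and core_pattern is relative: the case the
#                      thread describes (kernel skips the dump and logs a warning)
classify_coredump_config() {
    suid_dumpable=$1
    core_pattern=$2

    if [ "$suid_dumpable" != "2" ]; then
        echo "not-suidsafe-mode"
        return 0
    fi

    case "$core_pattern" in
        "|"*) echo "ok" ;;               # piped to a handler such as ABRT
        /*)   echo "ok" ;;               # absolute path
        *)    echo "relative-pattern" ;; # e.g. "core.%p"
    esac
}

# Report on the running system when the sysctl files are readable.
report_live_config() {
    sd_file=/proc/sys/fs/suid_dumpable
    cp_file=/proc/sys/kernel/core_pattern
    if [ -r "$sd_file" ] && [ -r "$cp_file" ]; then
        sd=$(cat "$sd_file")
        cp=$(cat "$cp_file")
        printf 'suid_dumpable=%s core_pattern=%s -> %s\n' \
            "$sd" "$cp" "$(classify_coredump_config "$sd" "$cp")"
    else
        echo "sysctl files not readable; skipping live check"
    fi
}

# Constructed sample inputs, including the "core.%p" case from the thread.
for sample in "2:core.%p" "2:/var/crash/core.%p" "2:|/path/to/handler %p" "0:core.%p"; do
    printf '%s -> %s\n' "$sample" \
        "$(classify_coredump_config "${sample%%:*}" "${sample#*:}")"
done

report_live_config
```

A "relative-pattern" result on a live system means crashes of set-user-ID processes are not being dumped at all, so the check is worth running after any manual change to core_pattern.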
