On Mar 22, 2015, at 18:08, Mateusz Guzik <mjgu...@gmail.com> wrote: > > On Mon, Feb 09, 2015 at 11:13:51PM +0000, Rui Paulo wrote: >> Author: rpaulo >> Date: Mon Feb 9 23:13:50 2015 >> New Revision: 278479 >> URL: https://svnweb.freebsd.org/changeset/base/278479 >> >> Log: >> Notify devd(8) when a process crashed. >> >> This change implements a notification (via devctl) to userland when >> the kernel produces coredumps after a process has crashed. >> devd can then run a specific command to produce a human readable crash >> report. The command is most usually a helper that runs gdb/lldb >> commands on the file/coredump pair. It's possible to use this >> functionality for implementing automatic generation of crash reports. >> >> devd(8) will be notified of the full path of the binary that crashed and >> the full path of the coredump file. >> > > The more I look at this the more I'm convinced this is quite insecure. > > At a minimum this should also grow a flag to decide whether notification > about jailed process crashes are allowed. Off by default. > > As it is you pass a path leading to a jail, but that's inherently > untrusted and will lead to trouble.
We got sidetracked by the devd-bloat discussion, but I can turn this off until a better approach is programmed. -- Rui Paulo _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"