On 3/23/15 9:17 PM, Rui Paulo wrote:
Author: rpaulo Date: Tue Mar 24 02:17:17 2015 New Revision: 280410 URL: https://svnweb.freebsd.org/changeset/base/280410Log: Disable coredump_devctl because it could lead to leaking paths to jails. Modified: head/sys/kern/kern_sig.c Modified: head/sys/kern/kern_sig.c ============================================================================== --- head/sys/kern/kern_sig.c Tue Mar 24 01:32:46 2015 (r280409) +++ head/sys/kern/kern_sig.c Tue Mar 24 02:17:17 2015 (r280410) @@ -180,7 +180,7 @@ static int set_core_nodump_flag = 0; SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, &set_core_nodump_flag, 0, "Enable setting the NODUMP flag on coredump files"); -static int coredump_devctl = 1; +static int coredump_devctl = 0; SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, &coredump_devctl, 0, "Generate a devctl notification when processes coredump");
If there is a security concern about this feature I think more needs to be done than just flipping the default. It could easily be forgotten about and make a release.
-- Regards, Bryan Drewery _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
