On Wed, Jun 27, 2018 at 7:44 AM, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
> On Wed, Jun 27, 2018 at 07:42:52AM -0600, Warner Losh wrote:
> > On Wed, Jun 27, 2018 at 12:59 AM, Oliver Pinter <oliver.pin...@hardenedbsd.org> wrote:
> >
> > > On Wednesday, June 27, 2018, Warner Losh <i...@freebsd.org> wrote:
> > >
> > >> Author: imp
> > >> Date: Wed Jun 27 04:11:09 2018
> > >> New Revision: 335690
> > >> URL: https://svnweb.freebsd.org/changeset/base/335690
> > >>
> > >> Log:
> > >> Fix devctl generation for core files.
> > >>
> > >> We have a problem with vn_fullpath_global when the file exists. Work
> > >> around it by printing the full path if the core file name starts with /,
> > >> or current working directory followed by the filename if not.
> > >>
> > >> Sponsored by: Netflix
> > >> Differential Review: https://reviews.freebsd.org/D16026
> > >>
> > >> Modified:
> > >> head/sys/kern/kern_sig.c
> > >>
> > >> Modified: head/sys/kern/kern_sig.c
> > >> ============================================================
> > >> ==================
> > >> --- head/sys/kern/kern_sig.c Wed Jun 27 04:10:48 2018 > (r335689) > > >> +++ head/sys/kern/kern_sig.c Wed Jun 27 04:11:09 2018 > (r335690)
> > >> @@ -3431,24 +3431,6 @@ out: > > >> return (0); > > >> } > > >> > > >> -static int > > >> -coredump_sanitise_path(const char *path) > > >> -{ > > >> - size_t i; > > >> - > > >> - /* > > >> - * Only send a subset of ASCII to devd(8) because it > > >> - * might pass these strings to sh -c. > > >> - */ > > >> - for (i = 0; path[i]; i++) > > >> - if (!(isalpha(path[i]) || isdigit(path[i])) && > > >> - path[i] != '/' && path[i] != '.' && > > >> - path[i] != '-') > > >> - return (0);
> > >
> > > This part of code existed to prevent shell code injection via file names.
> > > After this commit we lose this.
> > >
> >
> > It's devd's job to prevent that, not the kernel's.
>
> Has devd been updated? Or is this particular vulnerability manifest again?

devd is fine as far as I know, apart from the default action. I'm fixing that now.

Warner
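
Review bot: the coredump_sanitise_path() function removed in the quoted kern_sig.c hunk was the only check visible here that limited a core file path to letters, digits, '/', '.' and '-' before it was sent to devd(8), and its own comment says devd might pass these strings to sh -c. The log message describes only the vn_fullpath_global workaround and does not mention that this filter goes away or where the equivalent protection now lives. Either keep the character allowlist and apply it to the path string the new code builds (including the "current working directory followed by the filename" case), or state in the log and in a comment at the devctl notification that devd is responsible for quoting the value before any action hands it to a shell.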