On Mon, 2015-02-09 at 20:46 -0800, Rui Paulo wrote: > On Feb 9, 2015, at 20:34, Rui Paulo <rpa...@freebsd.org> wrote: > > > > Author: rpaulo > > Date: Tue Feb 10 04:34:39 2015 > > New Revision: 278494 > > URL: https://svnweb.freebsd.org/changeset/base/278494 > > > > Log: > > Sanitise the coredump file names sent to devd. > > > > While there, add a sysctl to turn this feature off as requested by > > kib@. > > I wanted to get the sanitiser code in ASAP, but, as suggested by stas@ > offline, we think devd should also provide an action mode that runs a command > outside sh(1) and without using $PATH. > > -- > Rui Paulo > > > > >
Or... we could consider restoring devd to its original relatively benign existance handling device-related events, and move handling of crash dumps into a separate daemon which can shoulder the burden of security for itself. At $work we listen to the devd re-distribute port to handle device events in our apps, and having an ever-growing flood of stuff that's got nothing to do with devices is going to have a negative impact on applications that do such things. -- Ian _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
