| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Apr 2007 09:38:52 -0400 From: "Christopher S. Aker" <caker@...shore.net> To: Alan Cox <alan@...rguk.ukuu.org.uk> CC: Andi Kleen <andi@...stfloor.org>, "Bill Rugolsky Jr." <brugolsky@...emetry-investments.com>, linux-kernel@...r.kernel.org Subject: Re: [Feature Request?] Inline compression of process core dumps Alan Cox wrote: >> Looking at the code, it seems to me that format_corename() is appending >> .pid, regardless if !core_uses_pid and corename[0]=='|', in which case >> it creates an invalid path for call_usermodehelper_pipe(). >> >> Bug in the code, or bug in my methods? > > This looks somewhat better and might do the trick. Also fixes a very very > obscure security corner case. If you change core pattern to start with > the program name then the user can run a program called "|myevilhack" as > it stands. The patch checks for "|" in the pattern not the output and > doesn't nail a pid on to a piped name. <snip> Works great now. Queue this sucker up! # cat /proc/sys/kernel/core_pattern |/home/caker/bin/dumper.pl # ./linux <blah blah> Segmentation fault (core dumped) # file /tmp/dumper.out /tmp/dumper.out: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style Thanks for everyone's help. -Chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists