Subject: Re: permission of kernel's core
To: Manuel BOUYER <bouyer@antioche.lip6.fr>
From: Chris G. Demetriou <cgd@pa.dec.com>
List: current-users
Date: 08/29/1997 09:59:42
> > In savecore_old.c (I'm an i386 user), core file is open(2)'d as
> > 0644 or zopen(3)'d. in addition, savecore.c uses umask(002).
> >
>
> Hum, there is a security issue here. If I have a mean to make the system
> panic when logged as joe user, I can run passwd(1), make the system panic
> and then find parts of /etc/master.passwd in the kernel core. Bad.
> The defaults should be to create the core 0600. However, an option to
> savecore to override this would be nice (I find it terribly usefull to be able
> to rsh machine dmesg -M /var/crash/netsbd.x.core whithout having to
> log in to the machine and su root ... I have machines where security is not
> so critical).
Not really.
/var/crash is supposed to have the have mode 770, user == group, root
== wheel, when created by a new install, and those are relatively sane
defaults. If it doesn't have those perms in that situation, _that_ is
a problem.
The perms set by savecore are not a problem or bug, and if they're
changed they'll prohibit an admin from setting up a machine in a way
that may be perfectly acceptable in their environment.
Why add a special set of flags to savecore and increase code bloat
further, when there's already an adequate solution to "do the right
thing"?
cgd