Date: Thu, 28 Jun 2018 01:42:29 -0600
From: Warner Losh <imp@bsdimp.com>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Oliver Pinter <oliver.pinter@hardenedbsd.org>,
    "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>,
    "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,
    "src-committers@freebsd.org" <src-committers@freebsd.org>,
    Warner Losh <imp@freebsd.org>
Subject: Re: svn commit: r335690 - head/sys/kern
Message-ID: <CANCZdfp3rdoT8%2B2kYM8KQVKdhJ3u5xNbfbTv5bfbi-Cqry5Z1Q@mail.gmail.com>
In-Reply-To: <CANCZdfppj7EXzO4LWSm29vusiy8g-oha3Q84A5=rkWAWpRCHgw@mail.gmail.com>
References: <201806270411.w5R4B9ZB078994@repo.freebsd.org>
    <CAPQ4fftmp=51uCDL-p4deQwZ90c9op0GymWex45S%2BbW2HO-PRg@mail.gmail.com>
    <CANCZdfoj8te2JOiLQPT4PWGYaGtsXVu-h=4v2G353zQ7Q_3O_Q@mail.gmail.com>
    <20180627134455.k6jvum4pnuejas3x@mutt-hbsd>
    <CANCZdfppj7EXzO4LWSm29vusiy8g-oha3Q84A5=rkWAWpRCHgw@mail.gmail.com>
On Wed, Jun 27, 2018 at 7:46 AM, Warner Losh <imp@bsdimp.com> wrote:
>
>
> On Wed, Jun 27, 2018 at 7:44 AM, Shawn Webb <shawn.webb@hardenedbsd.org>
> wrote:
>
>> On Wed, Jun 27, 2018 at 07:42:52AM -0600, Warner Losh wrote:
>> > On Wed, Jun 27, 2018 at 12:59 AM, Oliver Pinter <
>> > oliver.pinter@hardenedbsd.org> wrote:
>> >
>> > >
>> > >
>> > > On Wednesday, June 27, 2018, Warner Losh <imp@freebsd.org> wrote:
>> > >
>> > >> Author: imp
>> > >> Date: Wed Jun 27 04:11:09 2018
>> > >> New Revision: 335690
>> > >> URL: https://svnweb.freebsd.org/changeset/base/335690
>> > >>
>> > >> Log:
>> > >> Fix devctl generation for core files.
>> > >>
>> > >> We have a problem with vn_fullpath_global when the file exists.
>> Work
>> > >> around it by printing the full path if the core file name starts
>> with /,
>> > >> or current working directory followed by the filename if not.
>> > >>
>> > >> Sponsored by: Netflix
>> > >> Differential Review: https://reviews.freebsd.org/D16026
>> > >>
>> > >> Modified:
>> > >> head/sys/kern/kern_sig.c
>> > >>
>> > >> Modified: head/sys/kern/kern_sig.c
>> > >> ============================================================
>> > >> ==================
>> > >> --- head/sys/kern/kern_sig.c Wed Jun 27 04:10:48 2018
>> (r335689)
>> > >> +++ head/sys/kern/kern_sig.c Wed Jun 27 04:11:09 2018
>> (r335690)
>> > >> @@ -3431,24 +3431,6 @@ out: >> > >> return (0); >> > >> } >> > >> >> > >> -static int >> > >> -coredump_sanitise_path(const char *path) >> > >> -{ >> > >> - size_t i; >> > >> - >> > >> - /* >> > >> - * Only send a subset of ASCII to devd(8) because it >> > >> - * might pass these strings to sh -c. >> > >> - */ >> > >> - for (i = 0; path[i]; i++) >> > >> - if (!(isalpha(path[i]) || isdigit(path[i])) && >> > >> - path[i] != '/' && path[i] != '.' && >> > >> - path[i] != '-') >> > >> - return (0); >> > > >> > > >> > > This part of code existed to prevent shell code injection via file >> names. >> > > After this commit we lose this. >> > > >> > >> > It's devd's job to prevent that, not the kernel's. >> >> Has devd been updated? Or is this particular vulnerability manifest >> again? >> > > devd is fine as far as I know, apart from the default action. I'm fixing > that now. > As of r335756 the quoting issue that this code was for was fixed. I thought I'd jumped through these hoops years ago, but I can't find the tree I did it in, and it's clear I never committed it. Warner
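Review bot: The removed coredump_sanitise_path() at the top of this hunk restricted the core file path sent to devd(8) to letters, digits, '/', '.' and '-', and its own comment gives the reason ("it might pass these strings to sh -c"), yet the log message describes only the vn_fullpath_global workaround and never mentions that this filter is dropped. Please either land the devd-side quoting before or together with this removal, or say in the log that the kernel no longer filters the path and that whatever consumes the devctl event must quote it before handing it to a shell.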