Date: Wed, 19 Feb 1997 13:20:55 -0700
From: Warner Losh <imp@village.org>
To: Andrew Kosyakov <caseq@magrathea.chance.ru>
Cc: rbezuide@oskar.nanoteq.co.za (Reinier Bezuidenhout), dg@root.com, jas@flyingfox.COM, security@freebsd.org
Subject: Re: Coredumps and setuids .. interesting..
Message-ID: <E0vxIVb-0006Jf-00@rover.village.org>
In-Reply-To: Your message of "Wed, 19 Feb 1997 15:34:56 +0300." <199702191234.PAA10870@magrathea.chance.ru>
References: <199702191234.PAA10870@magrathea.chance.ru>

In message <199702191234.PAA10870@magrathea.chance.ru> Andrew Kosyakov writes:
: --- hash_buf.c.old Tue Oct 15 14:24:48 1996 : +++ hash_buf.c Tue Oct 15 14:24:13 1996 : @@ -324,7 +324,10 @@ : /* Check if we are freeing stuff */ : if (do_free) { : if (bp->page) : + { : + memset(bp->page,0,hashp->BSIZE); : free(bp->page); : + } : BUF_REMOVE(bp); : free(bp); : bp = LRU;

I think this is an excellent idea, but an incomplete one. I think that we should do this, but hack the db code so that you have to request that this be done. Then the pw routines would set this flag. Testing this flag is very cheap and no one would notice. This would also firewall the pw database somewhat at a very low cost. I agree that keeping this from coredumping in the first place is by far the best solution, limiting the damage when there are bugs in the kernel should be done when the cost can be shown to be small for those programs that use the same feature, but don't need the protection.

--- hash_buf.c.old Tue Oct 15 14:24:48 1996 +++ hash_buf.c Tue Oct 15 14:24:13 1996 @@ -324,7 +324,10 @@ /* Check if we are freeing stuff */ if (do_free) { if (bp->page) + { + if (bp->flags & ZERO_ON_FREE) + memset(bp->page,0,hashp->BSIZE); free(bp->page); + } BUF_REMOVE(bp); free(bp); bp = LRU;

with other changes to propagate this flag, define it, that I've not yet done.

Comments?

Warner
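
Review bot: In the quoted hunk, the added memset(bp->page,0,hashp->BSIZE) is immediately followed by free(bp->page), so an optimizing compiler may treat it as a dead store and drop it. The wipe should be done in a form the compiler cannot elide, for example a store loop through a volatile pointer. As written it also runs for every hash database rather than only those holding sensitive data, and it only covers pages released through this do_free branch.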
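
Review bot: In the second hunk the new test reads bp->flags, a per-buffer field, while the request to wipe is described as per-database. Keeping the flag on hashp, which the memset line already dereferences for BSIZE, would avoid copying it into every buffer header, where one missed copy silently skips the wipe. If it does stay in bp->flags, ZERO_ON_FREE must not collide with flag bits already stored there. The hunk header still reads +324,10 although the new side is now 11 lines, so the diff needs regenerating before it will apply.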