Date: Wed, 27 Jun 2018 09:44:55 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Warner Losh <imp@bsdimp.com>
Cc: Oliver Pinter <oliver.pinter@hardenedbsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, Warner Losh <imp@freebsd.org>
Subject: Re: svn commit: r335690 - head/sys/kern
Message-ID: <20180627134455.k6jvum4pnuejas3x@mutt-hbsd>
In-Reply-To: <CANCZdfoj8te2JOiLQPT4PWGYaGtsXVu-h=4v2G353zQ7Q_3O_Q@mail.gmail.com>
References: <201806270411.w5R4B9ZB078994@repo.freebsd.org> <CAPQ4fftmp=51uCDL-p4deQwZ90c9op0GymWex45S%2BbW2HO-PRg@mail.gmail.com> <CANCZdfoj8te2JOiLQPT4PWGYaGtsXVu-h=4v2G353zQ7Q_3O_Q@mail.gmail.com>

On Wed, Jun 27, 2018 at 07:42:52AM -0600, Warner Losh wrote:
> On Wed, Jun 27, 2018 at 12:59 AM, Oliver Pinter <oliver.pinter@hardenedbsd.org> wrote:
>
> >
> > On Wednesday, June 27, 2018, Warner Losh <imp@freebsd.org> wrote:
> >
> >> Author: imp
> >> Date: Wed Jun 27 04:11:09 2018
> >> New Revision: 335690
> >> URL: https://svnweb.freebsd.org/changeset/base/335690
> >>
> >> Log:
> >> Fix devctl generation for core files.
> >>
> >> We have a problem with vn_fullpath_global when the file exists. Work
> >> around it by printing the full path if the core file name starts with /,
> >> or current working directory followed by the filename if not.
> >>
> >> Sponsored by: Netflix
> >> Differential Review: https://reviews.freebsd.org/D16026
> >>
> >> Modified:
> >> head/sys/kern/kern_sig.c
> >>
> >> Modified: head/sys/kern/kern_sig.c
> >> ============================================================
> >> ==================
> >> --- head/sys/kern/kern_sig.c Wed Jun 27 04:10:48 2018 (r3356= 89) > >> +++ head/sys/kern/kern_sig.c Wed Jun 27 04:11:09 2018 (r3356= 90)
> >> @@ -3431,24 +3431,6 @@ out: > >> return (0); > >> } > >> > >> -static int > >> -coredump_sanitise_path(const char *path) > >> -{ > >> - size_t i; > >> - > >> - /* > >> - * Only send a subset of ASCII to devd(8) because it > >> - * might pass these strings to sh -c. > >> - */ > >> - for (i =3D 0; path[i]; i++) > >> - if (!(isalpha(path[i]) || isdigit(path[i])) && > >> - path[i] !=3D '/' && path[i] !=3D '.' && > >> - path[i] !=3D '-') > >> - return (0);
> >
> > This part of code existed to prevent shell code injection via file names.
> > After this commit we lose this.
> >
>
> It's devd's job to prevent that, not the kernel's.

Has devd been updated? Or is this particular vulnerability manifest again?

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
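
Review bot: The removed lines delete coredump_sanitise_path(), the only visible check that limits the core path to letters, digits, '/', '.' and '-', and the deleted comment says that limit existed because devd(8) might pass these strings to sh -c. The log message covers only the vn_fullpath_global workaround and does not mention the removal. Either keep the check and apply it to the path that is now sent (the absolute name, or the working directory followed by the file name), or state in the log where the filtering or quoting is done instead, so the change can be reviewed against it.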