Date:      Wed, 27 Jun 2018 07:46:28 -0600
From:      Warner Losh <imp@bsdimp.com>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>
Cc:        Oliver Pinter <oliver.pinter@hardenedbsd.org>,  "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>,  "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,  "src-committers@freebsd.org" <src-committers@freebsd.org>, Warner Losh <imp@freebsd.org>
Subject:   Re: svn commit: r335690 - head/sys/kern
Message-ID:  <CANCZdfppj7EXzO4LWSm29vusiy8g-oha3Q84A5=rkWAWpRCHgw@mail.gmail.com>
In-Reply-To: <20180627134455.k6jvum4pnuejas3x@mutt-hbsd>
References:  <201806270411.w5R4B9ZB078994@repo.freebsd.org> <CAPQ4fftmp=51uCDL-p4deQwZ90c9op0GymWex45S%2BbW2HO-PRg@mail.gmail.com> <CANCZdfoj8te2JOiLQPT4PWGYaGtsXVu-h=4v2G353zQ7Q_3O_Q@mail.gmail.com> <20180627134455.k6jvum4pnuejas3x@mutt-hbsd>

On Wed, Jun 27, 2018 at 7:44 AM, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Wed, Jun 27, 2018 at 07:42:52AM -0600, Warner Losh wrote:
> > On Wed, Jun 27, 2018 at 12:59 AM, Oliver Pinter <oliver.pinter@hardenedbsd.org> wrote:
> >
> > >
> > >
> > > On Wednesday, June 27, 2018, Warner Losh <imp@freebsd.org> wrote:
> > >
> > >> Author: imp
> > >> Date: Wed Jun 27 04:11:09 2018
> > >> New Revision: 335690
> > >> URL: https://svnweb.freebsd.org/changeset/base/335690
> > >>
> > >> Log:
> > >>   Fix devctl generation for core files.
> > >>
> > > >>   We have a problem with vn_fullpath_global when the file exists. Work
> > > >>   around it by printing the full path if the core file name starts with /,
> > > >>   or current working directory followed by the filename if not.
> > >>
> > >>   Sponsored by: Netflix
> > >>   Differential Review: https://reviews.freebsd.org/D16026
> > >>
> > >> Modified:
> > >>   head/sys/kern/kern_sig.c
> > >>
> > >> Modified: head/sys/kern/kern_sig.c
> > >> ============================================================
> > >> ==================
> > >> --- head/sys/kern/kern_sig.c    Wed Jun 27 04:10:48 2018
> (r335689)
> > >> +++ head/sys/kern/kern_sig.c    Wed Jun 27 04:11:09 2018
> (r335690)
> > >> @@ -3431,24 +3431,6 @@ out:
> > >>         return (0);
> > >>  }
> > >>
> > >> -static int
> > >> -coredump_sanitise_path(const char *path)
> > >> -{
> > >> -       size_t i;
> > >> -
> > >> -       /*
> > >> -        * Only send a subset of ASCII to devd(8) because it
> > >> -        * might pass these strings to sh -c.
> > >> -        */
> > >> -       for (i = 0; path[i]; i++)
> > >> -               if (!(isalpha(path[i]) || isdigit(path[i])) &&
> > >> -                   path[i] != '/' && path[i] != '.' &&
> > >> -                   path[i] != '-')
> > >> -                       return (0);
> > >
> > >
> > > This part of code existed to prevent shell code injection via file names.
> > > After this commit we lose this.
> > >
> >
> > It's devd's job to prevent that, not the kernel's.
>
> Has devd been updated? Or is this particular vulnerability manifest
> again?
>

devd is fine as far as I know, apart from the default action. I'm fixing
that now.

Warner
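
The consumer-side check this thread argues about, as an added example that is not code from the FreeBSD tree or from devd(8): a userland allowlist test using the character set of the removed loop, plus single-quote escaping for a string that will reach sh -c. Both function names are hypothetical, and rejecting an empty path is an assumption of this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: 1 if path is non-empty and only [A-Za-z0-9/.-]. */
int
path_is_allowlisted(const char *path)
{
	size_t i;

	if (path == NULL || path[0] == '\0')
		return (0);
	for (i = 0; path[i] != '\0'; i++) {
		unsigned char c = (unsigned char)path[i];
		/* Explicit ASCII ranges: userland isalpha() follows the locale. */
		if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9') || c == '/' || c == '.' || c == '-'))
			return (0);
	}
	return (1);
}

/*
 * Hypothetical helper: copy src into dst as one single-quoted POSIX sh
 * word, rewriting each ' as '\''. Returns 0, or -1 if dst is too small.
 */
int
sh_single_quote(const char *src, char *dst, size_t dstlen)
{
	size_t o = 0;

	if (dstlen < 3)
		return (-1);
	dst[o++] = '\'';
	for (; *src != '\0'; src++) {
		size_t need = (*src == '\'') ? 4 : 1;
		/* Keep room for the closing quote and the NUL. */
		if (o + need + 2 > dstlen)
			return (-1);
		if (*src == '\'') {
			memcpy(dst + o, "'\\''", 4);
			o += 4;
		} else
			dst[o++] = *src;
	}
	dst[o++] = '\'';
	dst[o] = '\0';
	return (0);
}
```

The allowlist rejects a name outright, while the quoting helper lets any name through as a single shell word; a consumer that builds an sh -c string needs one of the two on every kernel-supplied value.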


