Date: Thu, 31 Oct 2013 01:29:25 +0100 From: dt71@gmx.com To: Colin Percival <cperciva@freebsd.org>, freebsd-hackers@freebsd.org Subject: Re: Automated submission of kernel panic reports Message-ID: <5271A465.2030206@gmx.com> In-Reply-To: <526F8EB3.1040205@freebsd.org> References: <526F8EB3.1040205@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Notes/advice/recommendations/proposals/questions/whatever:
This smells of having a potential to make an admin accidentally transmit undesired information, as well as adding some attack surface.
Without testing, I bet that a reguler user will be able to read the panicmail.N file (which will contain the textdump) -- the umask/permissions are not set up properly.
I very much dislike the non-use of double quotes around variable expansions and things like that in the shell code.
The return code of /usr/local/bin/pkesh should be handled.
Place a comment to the location in the code where an admin could put an add-on script that can automatically modify the text to be submitted (both automatic and confirmed mode).
What if the /var/crash/{info,vmcore}.last symlinks were used as a basis for selecting the last dump, instead of the current "$((`cat bounds` - 1))"/"$1" method?
What's wrong with "our" /bin/sh? If a temporary file is used for kgdb commands anyway, would it not be cleaner to use ``-x ${tmpfile}'' instead of input-piping?
How about: ${panicmail_sendto} could be "Full Name <e-mail@address>"?
"# Remove temporary file" is a bit superfluous.
Choose a consistent commenting style: either use periods/fullstops, or don't.
I'd personally use ``>'' instead of ``>>'' first in panicmail_gather().
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5271A465.2030206>