BSD coredumps follow symlinks

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: bluefish@SWIPNET.SE: "DOS: Teardrop mixed with a SYN - syndrop.c"
• Previous message: Aleph One: "Vendor Contacts"
• Next in thread: Nir Soffer: "Re: BSD coredumps follow symlinks"

Not quite all (depending on the size of your password file), but
certainly some.
[...]
> What can I do about it? Is there a way to turn off core dumps? That
> would be a reasonable temporary fix.
>
There is a later patch for BSD/OS 3.0 (M300-023) which is described as:

Fixes a potential denial of service attack related
to the kernel following symbolic links when writing core files.

which I expect fixes the problem once and for all. The initial release of 3.0
attempted to fix the problem differently and failed. :-) The M300-023 patch,
as nearly as I can tell, doesn't disable SUID core dumps altogether but
does prevent them from following symlinks.

Unfortunately, upgrading to 3.0 requires you to pay BSDI. :-( However, if you
have access to sources, you can always download that patch yourself, unpack
it and apply the source patches included.

If you don't have access to sources, I've back-ported the patch (in a rough
& ready fashion) and can supply the modified object file (kern_sig.o)
to BSDI licensees. Licence conditions preclude my making it available for
public download without explicit permission from BSDI. :-(

...Ronny

--
 Ronald Cook, Technical Manager - Message Handling Systems/The Message eXchange
 Email: ronny@tmx.com.au ----- Phone: +61-2-9550-4448 ---- Fax: +61-2-9519-2551

All opinions are my own and not those of TMX unless explicitly stated otherwise.

• Next message: bluefish@SWIPNET.SE: "DOS: Teardrop mixed with a SYN - syndrop.c"
• Previous message: Aleph One: "Vendor Contacts"
• Next in thread: Nir Soffer: "Re: BSD coredumps follow symlinks"