Subject: Re: permission of kernel's core
To: NAKAJIMA Yoshihiro <nakayosh@kcn.or.jp>
From: Manuel BOUYER <bouyer@antioche.lip6.fr>
List: current-users
Date: 08/29/1997 17:40:44

On Aug 30, NAKAJIMA Yoshihiro wrote:
> Hello everyone!
> 
> My kernel crashed this night. On rebooting, savecore(8)
> made a core file, such as:
> 
> : % ls -l /var/crash/netbsd*
> : -rw-r--r--  1 root  wheel   1018232 Aug 29 20:09 /var/crash/netbsd.0
> : -rw-r--r--  1 root  wheel  67108864 Aug 29 20:09 /var/crash/netbsd.0.core
> 
> The core file is `world readable'. Is this correct?
> 
> In savecore_old.c (I'm an i386 user), the core file is open(2)'d as
> 0644 or zopen(3)'d. In addition, savecore.c uses umask(002).
> 

Hum, there is a security issue here. If I have a means to make the system
panic when logged in as joe user, I can run passwd(1), make the system panic
and then find parts of /etc/master.passwd in the kernel core. Bad.
The default should be to create the core 0600. However, an option to
savecore to override this would be nice (I find it terribly useful to be able
to rsh machine dmesg -M /var/crash/netbsd.x.core without having to
log in to the machine and su root ... I have machines where security is not
so critical).

Could you send-pr this, so this doesn't go to /dev/null?

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
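
The permission arithmetic discussed in this thread, as an added example that is not part of either message and is not savecore source: it creates a scratch file with the open(2) mode and umask named in the post, reports the resulting bits, and compares the 0600 default proposed in the reply with a tighter umask. The function names and the /tmp path are constructed for the illustration.

```c
/* Added illustration; not taken from savecore.c or savecore_old.c. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch file with open(2) mode `req` under umask `mask`, the two
 * inputs the post mentions, and return the permission bits that result
 * (-1 on error). The file name is constructed for this demo. */
static int created_mode(mode_t req, mode_t mask)
{
    char path[64];
    struct stat st;
    int fd, rc = -1;
    mode_t old;

    snprintf(path, sizeof path, "/tmp/core-mode-demo.%ld", (long)getpid());
    old = umask(mask);              /* the umask only matters at creation */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, req);
    umask(old);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        rc = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return rc;
}

/* A dump readable by "other" exposes kernel memory to every local user. */
static int world_readable(int mode)
{
    return mode >= 0 && (mode & S_IROTH) != 0;
}

int main(void)
{
    int reported = created_mode(0644, 002);  /* combination from the post */
    int proposed = created_mode(0600, 002);  /* default suggested in the reply */
    int by_umask = created_mode(0644, 077);  /* assumption: tighten umask instead */

    printf("0644, umask 002 -> %04o world-readable=%d\n",
           (unsigned)reported, world_readable(reported));
    printf("0600, umask 002 -> %04o world-readable=%d\n",
           (unsigned)proposed, world_readable(proposed));
    printf("0644, umask 077 -> %04o world-readable=%d\n",
           (unsigned)by_umask, world_readable(by_umask));
    return 0;
}
```

umask(002) clears only the other-write bit, so a file requested as 0644 stays readable by everyone; requesting 0600 or running under umask 077 both yield an owner-only file.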