-
-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kernel: CoreDump follows symlinks for core dump directory when writing core dump files #4435
Comments
Generally, I think we should move away from the kernel writing coredumps to a hard-coded fs path and instead making them available through either a |
My plan was a special device in |
And yes, the kernel assuming anything about the filesystem layout feels like a violation of layering. Ideally the only path hardcoded in the kernel is That being said, it's not as important for Serenity as it is for Linux, because we don't expect people to run the kernel with userspaces different than ours. Whereas you can run various userspaces on Linux, with wildly different FS layouts and such. |
I'm fond of per-user temporary directories for a whole bunch of reasons. This may be a viable option for storing the core dumps on disk (so long as symlinks are forbidden). This would also help prevent leaking information via readable core dumps of another user's processes or privileged processes ( Edit: +1 for CoredumpFS |
I like the option of CoredumpFS as suggested by @awesomekling. One advantage of this option (as said by AK) is to put coredumps on the disk, which can assist us in case of OOM. |
CoredumpFS is not about saving files to disk, on the contrary it's about keeping core dumps in RAM and exposing them as a pseudo-filesystem like ProcFS. |
SystemServer now creates the /tmp/coredump and /tmp/profiler_coredumps directories at startup, ensuring that they are owned by root, and with basic 0755 permissions. The kernel will also now refuse to put core dumps in a directory that doesn't fulfill the following criteria: - Owned by 0:0 - Directory with sticky bit not set - 0755 permissions Fixes SerenityOS#4435 Fixes SerenityOS#4850
SystemServer now creates the /tmp/coredump and /tmp/profiler_coredumps directories at startup, ensuring that they are owned by root, and with basic 0755 permissions. The kernel will also now refuse to put core dumps in a directory that doesn't fulfill the following criteria: - Owned by 0:0 - Directory with sticky bit not set - 0755 permissions Fixes SerenityOS#4435 Fixes SerenityOS#4850
The
/tmp/coredump/
directory used for storing coredumps is created byCrashDaemon
upon system startup. The directory is owned by the user who launched the service (defaultanon
).If the directory is removed, next time a crash is encountered the directory will be recreated with
777
permissions androot
ownership :serenity/Kernel/CoreDump.cpp
Lines 62 to 85 in 5eacf62
This permits replacing the directory with a symlink (as
anon
in the default scenario or as any user if the directory has been deleted/replaced with 777 permissions).As
CrashDaemon
follows symlinks, this allows low-privileged users to spray core dump files onto any writable mounted filesystems.Note: Writing core dumps does not appear to follow symlinks for the core dump files themselves, only the core dump directory. As such, despite the predictable core dump file names, it is not possible to abuse this to control the core dump file name or clobber existing files (unless I'm missing something). Here's the code I was using to mess around with the predictable core dump file names:
The text was updated successfully, but these errors were encountered: