
/freebsd-10.0-release/usr.bin/kdump/kdump.c
diff 251073, Tue May 28 19:42:02 MDT 2013, pjd: MFp4 @229086:

Make use of Capsicum to protect kdump(1), as it might be used to parse data
from untrusted sources:

- Sandbox kdump(1) using capability mode.
- Limit stdin descriptor (where the opened file is moved to) to only
CAP_READ and CAP_FSTAT rights.
- Limit stdout descriptor to only CAP_WRITE, CAP_FSTAT and CAP_IOCTL.
Plus limit allowed ioctls to TIOCGETA only, which is needed for
isatty() to work.
- Limit stderr descriptor to only CAP_WRITE and CAP_FSTAT. In addition
if the -s option is not given, grant CAP_IOCTL right, but allow for
TIOCGWINSZ ioctl only, as we need screen width to dump the data.
- Before entering capability mode call catopen("libc", NL_CAT_LOCALE),
which opens message catalogs and caches data, so that strerror(3)
and strsignal(3) can work in a sandbox.

Sponsored by: The FreeBSD Foundation
Discussed with: rwatson
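The sequence the commit message lists, as an added example in C that is not kdump.c's own code: move the dump file onto stdin, warm the libc message catalog with catopen(3) while the filesystem is still reachable, restrict each descriptor with cap_rights_limit(2) and cap_ioctls_limit(2), then call cap_enter(2). The struct fd_plan, kdump_plan(), apply_one() and kdump_sandbox() names and the R_* flags are this example's own assumptions. The Capsicum calls compile only on FreeBSD; elsewhere apply_one() reports ENOSYS so a caller cannot mistake an unsandboxed run for a sandboxed one, and the TIOCGETA-to-TCGETS alias exists only so the plan compiles on Linux.

```c
#include <errno.h>
#include <fcntl.h>
#include <nl_types.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif
#ifndef TIOCGETA
/* Assumption for non-FreeBSD builds: Linux names the termios-read ioctl TCGETS. */
#define TIOCGETA TCGETS
#endif

/* Rights a descriptor keeps; these mirror the Capsicum CAP_* names. */
enum { R_READ = 1, R_WRITE = 2, R_FSTAT = 4, R_IOCTL = 8 };

/* Hypothetical plan type: one entry per descriptor that survives cap_enter(). */
struct fd_plan {
    int fd;
    unsigned rights;          /* R_* bitmask */
    unsigned long ioctls[1];  /* ioctl commands still allowed when R_IOCTL is set */
    size_t nioctls;
};

/*
 * Policy from the commit message: stdin (the dump file is dup2'ed here) keeps
 * read+fstat; stdout keeps write+fstat+ioctl(TIOCGETA) so isatty() works;
 * stderr keeps write+fstat, plus ioctl(TIOCGWINSZ) for the screen width
 * unless -s (suppress) was given. Returns the number of entries written.
 */
size_t kdump_plan(struct fd_plan plan[3], int suppress)
{
    plan[0] = (struct fd_plan){ STDIN_FILENO, R_READ | R_FSTAT, { 0 }, 0 };
    plan[1] = (struct fd_plan){ STDOUT_FILENO, R_WRITE | R_FSTAT | R_IOCTL,
                                { TIOCGETA }, 1 };
    plan[2] = (struct fd_plan){ STDERR_FILENO, R_WRITE | R_FSTAT, { 0 }, 0 };
    if (!suppress) {
        plan[2].rights |= R_IOCTL;
        plan[2].ioctls[0] = TIOCGWINSZ;
        plan[2].nioctls = 1;
    }
    return 3;
}

/* Apply one entry with cap_rights_limit(2) and, if needed, cap_ioctls_limit(2). */
static int apply_one(const struct fd_plan *p)
{
#ifdef __FreeBSD__
    cap_rights_t rights;

    cap_rights_init(&rights);
    if (p->rights & R_READ)  cap_rights_set(&rights, CAP_READ);
    if (p->rights & R_WRITE) cap_rights_set(&rights, CAP_WRITE);
    if (p->rights & R_FSTAT) cap_rights_set(&rights, CAP_FSTAT);
    if (p->rights & R_IOCTL) cap_rights_set(&rights, CAP_IOCTL);
    /* ENOSYS means a kernel built without Capsicum: keep running, unsandboxed. */
    if (cap_rights_limit(p->fd, &rights) < 0 && errno != ENOSYS)
        return -1;
    if (p->nioctls > 0 &&
        cap_ioctls_limit(p->fd, p->ioctls, p->nioctls) < 0 && errno != ENOSYS)
        return -1;
    return 0;
#else
    (void)p;
    errno = ENOSYS;   /* no Capsicum on this platform */
    return -1;
#endif
}

/* Whole sequence: file onto stdin, warm the catalog, limit descriptors, enter. */
int kdump_sandbox(const char *path, int suppress)
{
    struct fd_plan plan[3];
    size_t i, n;

    if (path != NULL) {
        int fd = open(path, O_RDONLY);
        if (fd < 0)
            return -1;
        if (dup2(fd, STDIN_FILENO) < 0) { close(fd); return -1; }
        if (fd != STDIN_FILENO)
            close(fd);
    }
    /* catopen() now, so strerror(3)/strsignal(3) need no file access later. */
    (void)catopen("libc", NL_CAT_LOCALE);

    n = kdump_plan(plan, suppress);
    for (i = 0; i < n; i++)
        if (apply_one(&plan[i]) < 0)
            return -1;
#ifdef __FreeBSD__
    return (cap_enter() < 0 && errno != ENOSYS) ? -1 : 0;
#else
    return -1;   /* unreachable: apply_one() already failed with ENOSYS */
#endif
}

int main(int argc, char **argv)
{
    int suppress = argc > 1 && strcmp(argv[1], "-s") == 0;
    const char *path = argc > 1 + suppress ? argv[1 + suppress] : NULL;

    if (kdump_sandbox(path, suppress) < 0) {
        fprintf(stderr, "sandbox: %s\n", strerror(errno));
        return 1;
    }
    /* isatty() still works inside the sandbox because TIOCGETA stays allowed. */
    printf("sandboxed; stdout %s a tty\n", isatty(STDOUT_FILENO) ? "is" : "is not");
    return 0;
}
```

kdump_plan() keeps the policy as data, so the -s decision can be inspected on any system; the descriptor limits are applied before cap_enter() because nothing new can be opened afterwards. Tolerating ENOSYS lets the tool run on a kernel built without Capsicum, at the price of running unsandboxed there; a caller that must know can ask cap_getmode(2).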
