author: pjd <pjd@FreeBSD.org> 2013-05-28 21:25:28 +0000
committer: pjd <pjd@FreeBSD.org> 2013-05-28 21:25:28 +0000
commit: 16e12aa3c20ce3c5454147fed0cfba2f3afb18ff
tree: 8e2c984a45a4dca0575b697c2cf56f4726dedbf7 /Makefile.inc1
parent: 07b42e6753a984a981ed5ce78c1781d9a45a00bc
MFp4 @229086:

Make use of Capsicum to protect kdump(1), as it might be used to parse data from untrusted sources:
- Sandbox kdump(1) using capability mode.
- Limit stdin descriptor (where opened file is moved to) to only CAP_READ and CAP_FSTAT rights.
- Limit stdout descriptor to only CAP_WRITE, CAP_FSTAT and CAP_IOCTL. Plus limit allowed ioctls to TIOCGETA only, which is needed for isatty() to work.
- Limit stderr descriptor to only CAP_WRITE and CAP_FSTAT. In addition if the -s option is not given, grant CAP_IOCTL right, but allow for TIOCGWINSZ ioctl only, as we need screen width to dump the data.
- Before entering capability mode call catopen("libc", NL_CAT_LOCALE), which opens message catalogs and caches data, so that strerror(3) and strsignal(3) can work in a sandbox.

Sponsored by: The FreeBSD Foundation
Discussed with: rwatson
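
The descriptor limits listed in the commit message, as an added C example that is not taken from this commit or from kdump(1). It assumes the current FreeBSD Capsicum API in <sys/capsicum.h>; sandbox_stdio(), limit_fd() and opt_s are hypothetical names, and non-FreeBSD builds get a stub that fails with ENOSYS.

```c
/* Added example, not kdump(1) source; function names are hypothetical. */
#include <errno.h>
#include <nl_types.h>
#include <termios.h>
#include <unistd.h>
#include <sys/ioctl.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
/* Restrict fd to `rights`; if cmd != 0, also allow only that one ioctl. */
static int limit_fd(int fd, const cap_rights_t *rights, unsigned long cmd)
{
    /* ENOSYS means a kernel built without Capsicum; tolerated here. */
    if (cap_rights_limit(fd, rights) < 0 && errno != ENOSYS)
        return -1;
    if (cmd != 0 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
        return -1;
    return 0;
}
#endif

/* Returns 0 once in capability mode, -1 with errno set otherwise. */
int sandbox_stdio(int opt_s) /* opt_s: nonzero when -s was given */
{
#ifdef __FreeBSD__
    cap_rights_t r;
    /* Cache message catalogs now: path lookups fail after cap_enter(). */
    (void)catopen("libc", NL_CAT_LOCALE);

    cap_rights_init(&r, CAP_READ, CAP_FSTAT);
    if (limit_fd(STDIN_FILENO, &r, 0) < 0)
        return -1;

    cap_rights_init(&r, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
    if (limit_fd(STDOUT_FILENO, &r, TIOCGETA) < 0) /* for isatty() */
        return -1;

    cap_rights_init(&r, CAP_WRITE, CAP_FSTAT);
    if (!opt_s)
        cap_rights_set(&r, CAP_IOCTL); /* needed for the width query */
    if (limit_fd(STDERR_FILENO, &r, opt_s ? 0 : TIOCGWINSZ) < 0)
        return -1;

    return cap_enter();
#else
    (void)opt_s;
    errno = ENOSYS; /* assumption: non-FreeBSD builds get a stub */
    return -1;
#endif
}
```

Call it after the input file has been moved onto stdin and before any untrusted data is parsed, since every descriptor the parser needs must already be open when cap_enter() succeeds.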
Diffstat (limited to 'Makefile.inc1')
0 files changed, 0 insertions, 0 deletions