
    [guru] Fwd: [security@caveo.nl: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround]


    DATE: Mon, 17 Jul 2006 15:57:55 +0200
    Some workarounds for the Linux kernel sys_prctl() bug.
    
    
    
    --- Begin Message ---
    The easiest way to stop this vulnerability is by specifying the core
    dump location
    
    echo /root/core > /proc/sys/kernel/core_pattern
    
    This specifies /root as core dump location which makes it unavailable for
    the local user.
    
    Kind regards,
    
        Ronald Timmerman - Caveo Internet BV
    
    
    
    
    

    --- End Message ---
    --- Begin Message ---
    On Fri, Jul 14, 2006 at 04:50:19PM +0200, Caveo Internet BV - Security wrote:
    > The easiest way to stop this vulnerability is by
    > specifying the core dump location
    > 
    > echo /root/core > /proc/sys/kernel/core_pattern
    > 
    > This specifies /root as core dump location which makes it
    > unavailable for the local user.
    
    Better yet (generally), 
    
    sysctl -w kernel.core_pattern=/dev/null
    [ -f /etc/sysctl.conf ] && { grep -q '^kernel\.core_pattern' /etc/sysctl.conf || echo 'kernel.core_pattern = /dev/null' >> /etc/sysctl.conf; }
    
    -- 
     ---- WBR, Michael Shigorin <mike@altlinux.ru>
      ------ Linux.Kiev http://www.linux.kiev.ua/
    
    



    --- End Message ---
    --- Begin Message ---
    On Fri, 14 Jul 2006, Caveo Internet BV - Security wrote:

    > The easiest way to stop this vulnerability is by specifying the core
    > dump location
    >
    > echo /root/core > /proc/sys/kernel/core_pattern
    >
    > This specifies /root as core dump location which makes it unavailable for
    > the local user.
    

    Better solution: add a line to /etc/limits.conf

    *               hard    core    0

    and set pam_limits in pam services.

    --
    *[ Łukasz Trąbiński ]*
    SysAdmin @wsisiz.edu.pl




    --- End Message ---
    --- Begin Message ---
    On Fri, 14 Jul 2006, Caveo Internet BV - Security wrote:
    
    > The easiest way to stop this vulnerability is by specifying the core
    > dump location
    >
    > echo /root/core > /proc/sys/kernel/core_pattern
    >
    > This specifies /root as core dump location which makes it unavailable for
    > the local user.
    
    This would be just shifting problems. /root is usually not that big. So
    you end up with a core dump filling up your root disk. Not a pretty sight
    I might add.
    
    Either disable coredumps or send them to a place with plenty of disk space
    left and protect that one from prying eyes.
    
    Hugo.
    
    -- 
    	I hate duplicates. Just reply to the relevant mailinglist.
    	hvdkooij@vanderkooij.org		http://hvdkooij.xs4all.nl/
    		Don't meddle in the affairs of magicians,
    		for they are subtle and quick to anger.
    
    
    
    

    --- End Message ---
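
The workarounds proposed in this thread (an absolute dump location, /dev/null, a hard core limit of 0, a protected dump directory) can be checked together. The following shell functions are an added example, not code from any of the messages above; the function names are hypothetical, and the default limits path /etc/security/limits.conf is an assumption (the message above names /etc/limits.conf).

```shell
#!/bin/sh
# Added example: audit the core-dump workarounds discussed in this thread.
# File paths are arguments so the checks can run against copies or test data.

# Print how a core_pattern value routes dumps:
# disabled | piped | absolute | relative
classify_core_pattern() {
    case "$1" in
        /dev/null) echo disabled ;;
        "|"*)      echo piped ;;      # handed to a helper program
        /*)        echo absolute ;;   # fixed location
        *)         echo relative ;;   # lands in the crashing process's cwd
    esac
}

# Succeed if FILE (limits.conf syntax) contains "* hard core 0".
has_hard_core_zero() {
    [ -f "$1" ] || return 1
    awk '!/^[[:space:]]*#/ && $1 == "*" && $2 == "hard" && $3 == "core" && $4 == "0" { ok = 1 }
         END { exit !ok }' "$1"
}

# Succeed if DIR grants no permissions at all to group and others.
dir_is_private() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one verdict line: "OK: ..." or "WEAK: ...".
# Usage: audit_core_dumps [core_pattern_file] [limits_file]
audit_core_dumps() {
    pattern_file=${1:-/proc/sys/kernel/core_pattern}
    limits_file=${2:-/etc/security/limits.conf}   # assumed default path
    pattern=$(cat "$pattern_file") || return 2
    kind=$(classify_core_pattern "$pattern")
    if has_hard_core_zero "$limits_file"; then
        echo "OK: hard core limit is 0 (pattern is $kind)"
    elif [ "$kind" = disabled ]; then
        echo "OK: core_pattern is /dev/null"
    elif [ "$kind" = absolute ] && dir_is_private "$(dirname "$pattern")"; then
        echo "OK: dumps go to private directory $(dirname "$pattern")"
    else
        echo "WEAK: $kind core_pattern '$pattern' and no hard core limit of 0"
    fi
}
```

The limits check only reads the file; it does not verify that pam_limits is enabled for each PAM service, which the limit depends on.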
