Re: Layering an IDS on Linux - prepwork

>> Think of it, is there any reason for dhcdbd to dump core *every time* it runs?

>> Will anyone be looking at that core dump?
>
>Fedora runs (ulimit -S -c 0) in /etc/profile, so no process doesn't dump
>core by default.

The kernel hook is before anything decides whether or not to actually allow the
dumping of core. It's for this very reason. Most admins will not allow core dumps
because it wastes disk space and could contain privileged information. So, people
may not be aware of the consequences of using abort() casually in a program. So,
if core dump is always turned off and we want to protect everyone...we need to
hook before that check.

>I don't know about the specific case of dhcdbd - maybe it uses abort()
>when it should use exit(nonzero).  But in general, abort() is useful
>even on production systems.

I guess part of the issue is that glibc uses abort to bring the program to an end
- like on a double free. If there was another signal that indicated that a
program is ending due to something FORTIFY_SOURCE detected or gcc's stack
protector found, we could filter this out better.

-Steve


       

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
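
An added example, not part of the original message or of any Fedora code: a userspace view of the point discussed above, showing that a child which calls abort() is still reported as killed by SIGABRT when its core limit is 0, and is distinguishable from exit(nonzero). The function and enum names are hypothetical, chosen for this sketch.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* All names below are hypothetical, chosen for this example. */
enum child_mode { CHILD_EXIT_NONZERO, CHILD_ABORT };
enum verdict { V_CLEAN, V_ERROR_EXIT, V_ABORTED, V_OTHER_SIGNAL, V_FAILED };

/* Fork a child, set its soft and hard RLIMIT_CORE to 0, end it as `mode`
 * says, and return the raw wait status (-1 if fork/waitpid failed). */
int run_child(enum child_mode mode)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        if (setrlimit(RLIMIT_CORE, &no_core) != 0)
            _exit(127);
        if (mode == CHILD_ABORT)
            abort();   /* raises SIGABRT */
        _exit(1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return status;
}

/* Turn a wait status into what a supervisor or audit rule would record. */
enum verdict classify(int status)
{
    if (status == -1)
        return V_FAILED;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 0 ? V_CLEAN : V_ERROR_EXIT;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
        return V_ABORTED;
    return V_OTHER_SIGNAL;
}

int main(void)
{
    printf("abort():  verdict %d\n", classify(run_child(CHILD_ABORT)));
    printf("exit(1):  verdict %d\n", classify(run_child(CHILD_EXIT_NONZERO)));
    return 0;
}
```

The wait status alone cannot say why abort() was called, which is the filtering problem the message describes.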
