On Mon, Nov 05, 2012 at 11:34:26AM -0800, Eric W. Biederman wrote:
> I would argue that you very much need to define what it means to have a
> per container core dump at the same time as you argue this.
>
> Nacked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>
> Running in a namespace different than whoever set the core dump
> pattern/helper makes core dump helpers much more attackable. With this
> patch and a little creativity I expect I can get root to write to
> whatever file I would like. Since I also control the content of what is
> going into that file.... This design seems eminently exploitable.

Understood. Indeed this is bad design. Having it tied to the mount
namespace of the process setting the pattern/helper, therefore any process
crashing under the same mount namespace would use the same pattern/helper?

> Furthermore not all namespaces are pointed at by nsproxy, so even
> for its original design this patch is buggy.

Is it userns? I just assumed it wasn't there yet because it's being worked
on.

> I do think supporting a per container coredump setting makes a lot of
> sense but I do not think this patch is the way to do it.

I understand, thanks for the time reviewing it.

--
Aristeu