do_coredump and O_NOFOLLOW

do_coredump and O_NOFOLLOW

[gshan]

Hi All,

I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. 
This means the core file couldn't be a symbolic link. However, I want to 
use symbolic link for core file, So I plan to remove O_NOFOLLOW as 
follows, but I'm not sure there are any impacts introduced by the change?

file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE, 0600);

TO

file = filp_open(corename, O_CREAT | 2 /*| O_NOFOLLOW*/ | O_LARGEFILE, 
0600);

Thanks,
Gavin

Re: do_coredump and O_NOFOLLOW

[Bernd Eckenfels]

In article <46C290F6.2090309@alcatel-lucent.com> you wrote:
> I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. 

I think that is for security reasons, otherwise one has to (atomically)
check who is the owner of the symlink and where it points to. If you dont
have hostile users on your system you might be able to remove it, but it is
not a good idea in the general public.

Maybe we need a coreadm tool like Solaris has, where you can put the
corefiles where you want. That would change the corepattern to include a
path and be specific to a process (tree).

Gruss
Bernd

Re: do_coredump and O_NOFOLLOW

[gshan]

Bernd Eckenfels wrote:
> In article <46C290F6.2090309@alcatel-lucent.com> you wrote:
>   
>> I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. 
>>     
>
> I think that is for security reasons, otherwise one has to (atomically)
> check who is the owner of the symlink and where it points to. If you dont
> have hostile users on your system you might be able to remove it, but it is
> not a good idea in the general public.
>
> Maybe we need a coreadm tool like Solaris has, where you can put the
> corefiles where you want. That would change the corepattern to include a
> path and be specific to a process (tree).
>
> Gruss
> Bernd
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>   
Bernd, Thanks for your reply. I don't think there are any hostile users 
on the system. So it's relatively of security. I didn't hear of coreadm 
tool before, Linux will become more powerful with coreadm.

Re: do_coredump and O_NOFOLLOW

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 695 bytes --]

On Wed, 15 Aug 2007 16:03:39 +0800, gshan said:

> Bernd, Thanks for your reply. I don't think there are any hostile users 
> on the system. So it's relatively of security. I didn't hear of coreadm 
> tool before, Linux will become more powerful with coreadm.

Well, *right now* you don't have hostile users.  However, that can change, if a
user's password gets compromised (often because they left it on a stick-it note
on the monitor), or if somebody is running Firefox and accidentally hits a
malicious site that exploits a Firefox bug, or if one of your company's
employees didn't get the raise they wanted, so they're quitting and planning to
kill the system on their way out the door....


[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

Re: do_coredump and O_NOFOLLOW

[Andy Isaacson]

On Wed, Aug 15, 2007 at 01:36:54PM +0800, gshan wrote:
> I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10. 
> This means the core file couldn't be a symbolic link. However, I want to 
> use symbolic link for core file

I would recommend that you use
# sysctl -w kernel.core_pattern=/tmp/core.%e.%p
instead.  See Documentation/sysctl/kernel.txt for details.

-andy