Hi All,
I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10.
This means the core file couldn't be a symbolic link. However, I want to
use symbolic link for core file, So I plan to remove O_NOFOLLOW as
follows, but I'm not sure there are any impacts introduced by the change?
file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE, 0600);
TO
file = filp_open(corename, O_CREAT | 2 /*| O_NOFOLLOW*/ | O_LARGEFILE,
0600);
Thanks,
Gavin
In article <[email protected]> you wrote:
> I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10.
I think that is for security reasons, otherwise one has to (atomically)
check who is the owner of the symlink and where it points to. If you dont
have hostile users on your system you might be able to remove it, but it is
not a good idea in the general public.
Maybe we need a coreadm tool like Solaris has, where you can put the
corefiles where you want. That would change the corepattern to include a
path and be specific to a process (tree).
Gruss
Bernd
Bernd Eckenfels wrote:
> In article <[email protected]> you wrote:
>
>> I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10.
>>
>
> I think that is for security reasons, otherwise one has to (atomically)
> check who is the owner of the symlink and where it points to. If you dont
> have hostile users on your system you might be able to remove it, but it is
> not a good idea in the general public.
>
> Maybe we need a coreadm tool like Solaris has, where you can put the
> corefiles where you want. That would change the corepattern to include a
> path and be specific to a process (tree).
>
> Gruss
> Bernd
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
Bernd, Thanks for your reply. I don't think there are any hostile users
on the system. So it's relatively of security. I didn't hear of coreadm
tool before, Linux will become more powerful with coreadm.
On Wed, 15 Aug 2007 16:03:39 +0800, gshan said:
> Bernd, Thanks for your reply. I don't think there are any hostile users
> on the system. So it's relatively of security. I didn't hear of coreadm
> tool before, Linux will become more powerful with coreadm.
Well, *right now* you don't have hostile users. However, that can change, if a
user's password gets compromised (often because they left it on a stick-it note
on the monitor), or if somebody is running Firefox and accidentally hits a
malicious site that exploits a Firefox bug, or if one of your company's
employees didn't get the raise they wanted, so they're quitting and planning to
kill the system on their way out the door....
On Wed, Aug 15, 2007 at 01:36:54PM +0800, gshan wrote:
> I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10.
> This means the core file couldn't be a symbolic link. However, I want to
> use symbolic link for core file
I would recommend that you use
# sysctl -w kernel.core_pattern=/tmp/core.%e.%p
instead. See Documentation/sysctl/kernel.txt for details.
-andy