Re: [exim] Exim drops core size

Top Page

Reply to this message
Author: Phil Pennock
To: exim-users
Subject: Re: [exim] Exim drops core size
On 2009-03-29 at 20:53 +0000, Jörg Sommer wrote:
> Hallo Phil,
> Phil Pennock <exim-users@???> wrote:
> > On 2009-03-27 at 22:01 +0000, Jörg Sommer wrote:
> >> why exim sets the limit for coredumps to 0? If one of the processes
> >> executed by exim, e.g. procmail, crashes I can't get a coredump. Is there
> >> an option to tell exim not to do so?
> >
> > Generally speaking, Exim is taking untrusted content from the outside
> > world and delivering it to some process; failures in those processes
> > which result in core-dumps are a DoS vulnerability as you could fill
> > disk at an attacker's whim, even if the problem is in no other way
> > exploitable.
> Because the core is always dumped to the file core and gets overwritten
> by a second dump, I don't see how you will fill up the filesystem. Please
> explain.

Not all systems are like yours. Both Linux and FreeBSD, amongst others,
allow core-dumps to be named to have things like the pid in the name.
"The same filename every time" is not something you should count on.

Exim plays safe. It doesn't know what the sub-process will be doing, it
doesn't know where it will be doing it, it sets up as safe an
environment as possible to limit potential damage. This is sane.

Perhaps Exim should have a knob to let people re-enable core-dumps for
deliveries, on a per-transport basis. Patches welcome.