[exim-dev] [Bug 852] Do not reset hard limit for coredump si…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: exim-dev
Betreff: [exim-dev] [Bug 852] Do not reset hard limit for coredump size
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=852

Phil Pennock <exim-dev@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |exim-dev@???





--- Comment #1 from Phil Pennock <exim-dev@???> 2009-06-08 23:29:43 ---
We already have bug 834 in which I provided a patch to implement a
permit_coredump option on pipe transports, where this does work.

If you're permitting coredumps to be raised by using the soft limit, then
there's a security issue when Exim has read in getpwent data with passwords (on
various systems) or other cases where it still has this sort of data in memory;
then once it has setuid() to an end-user, the end-user triggers a core-dump
(via signal). Thus changing the option globally like this seems a bad idea.

I for one would be happier if this was changed to add a
system_filter_permit_coredump option and recoded to limit the situations in
which a core-dump can happen.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email