exim-dev at spodhuis
Jun 8, 2009, 3:29 PM
Post #1 of 1
(538 views)
Permalink
|
|
[Bug 852] Do not reset hard limit for coredump size
|
|
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=852
Phil Pennock <exim-dev [at] spodhuis> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |exim-dev [at] spodhuis
--- Comment #1 from Phil Pennock <exim-dev [at] spodhuis> 2009-06-08 23:29:43 ---
We already have bug 834 in which I provided a patch to implement a
permit_coredump option on pipe transports, where this does work.
If you're permitting coredumps to be raised by using the soft limit, then
there's a security issue when Exim has read in getpwent data with passwords (on
various systems) or other cases where it still has this sort of data in memory;
then once it has setuid() to an end-user, the end-user triggers a core-dump
(via signal). Thus changing the option globally like this seems a bad idea.
I for one would be happier if this was changed to add a
system_filter_permit_coredump option and recoded to limit the situations in
which a core-dump can happen.
--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
|
