On Tue, 2019-03-12 at 15:50 +0100, Jakub Wilk wrote:

> The majorly broken thing is, unfortunately, the Linux kernel.
> It does argument splitting only _after_ it expanded the macros.

I think that this is a bug in the Linux kernel that needs to be fixed;
would you mind sending either a bug or a patch for this issue?

> If the executable name contains spaces, you will get more than 2 or 3
> arguments. On kernels that don't support %d, this allows an attacker to
> control the "owner" variable.

I think I can work around this using this core pattern:

kernel.core_pattern = |/usr/lib/corekeeper/dump %u %d -- %p-%u-%g-%s-%t-%h-%E.core

For old kernels this will be run:

/usr/lib/corekeeper/dump 1000 -- ...!file name.core

For new kernels this will be run:

/usr/lib/corekeeper/dump 1000 1 -- ...!file name.core

Then the code will simply check for -- in $2 and $3 instead of checking
for the number of arguments, and bundle the remaining arguments into the
core file name.

Do you think this approach will work correctly?

PS: do you think spaces in the filenames passed by the kernel should
also be replaced with dashes in the core file names?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
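The argument parsing sketched in the mail above, written out as an added example. This is not corekeeper's own dump script: the function names (parse_core_args, join_args, is_number), the CORE_* variables and the sample argv values (pid 1234, host "host", the timestamp and an executable called "/usr/bin/file name") are all made up for illustration. It handles both argv shapes the mail describes, the old kernel that drops %d and the kernel that expands it, and it also checks what happens when the crashing program's path itself contains " -- ".

```shell
#!/bin/sh
# Added example, not corekeeper's own code. Parses the argv that the kernel
# hands to a core_pattern pipe handler configured as
#   kernel.core_pattern = |/usr/lib/corekeeper/dump %u %d -- %p-%u-%g-%s-%t-%h-%E.core
# on a kernel that splits on spaces only after expanding the template, so a
# path with spaces in %E spills into extra arguments, and on a kernel that
# does not know %d, so the "--" sentinel moves from $3 to $2.

# Separator used to glue the spilled name arguments back together. A single
# space reconstructs what the kernel expanded; set it to "-" to replace the
# spaces instead (the option raised in the PS of the mail).
CORE_JOIN=' '

# join_args SEP ARG...: print ARGs joined by SEP. Leading, trailing and
# repeated spaces of the original path are not recoverable here: the
# kernel's whitespace splitting has already discarded them.
join_args() {
    sep=$1; out=$2; shift 2
    for a in "$@"; do out="$out$sep$a"; done
    printf '%s\n' "$out"
}

# is_number VALUE: succeed if VALUE is a non-empty string of ASCII digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# parse_core_args ARG...: set CORE_OWNER, CORE_DUMPABLE and CORE_NAME from
# the handler's arguments. Returns 1 if the argv is not of a shape the
# kernel can produce from the pattern above.
#
# Why the "--" sentinel works: %u and %d expand to numbers that never
# contain spaces, so "--" always lands at a fixed position ($2 or $3) that
# the crashing program cannot influence. Everything after it is the file
# name, however many arguments it was split into, so a path such as
# "/tmp/x -- 0" cannot masquerade as the %d field.
parse_core_args() {
    CORE_OWNER=''; CORE_DUMPABLE=''; CORE_NAME=''
    [ $# -ge 3 ] || return 1
    is_number "$1" || return 1
    CORE_OWNER=$1
    if [ "$2" = -- ]; then
        # Old kernel: %d expanded to nothing, "--" is the second argument
        # and the dumpable value is unknown.
        CORE_DUMPABLE=unknown
        shift 2
    elif [ "$3" = -- ] && is_number "$2"; then
        # New kernel: %d gave the dumpable value, "--" is third.
        CORE_DUMPABLE=$2
        shift 3
    else
        return 1
    fi
    [ $# -ge 1 ] || return 1
    CORE_NAME=$(join_args "$CORE_JOIN" "$@")
}

# Constructed argv for the two kernel generations (not captured from a real
# crash), for an executable called "/usr/bin/file name".
parse_core_args 1000 -- '1234-1000-1000-11-1552401000-host-!usr!bin!file' 'name.core'
printf 'old kernel: owner=%s dumpable=%s name=%s\n' "$CORE_OWNER" "$CORE_DUMPABLE" "$CORE_NAME"
parse_core_args 1000 1 -- '1234-1000-1000-11-1552401000-host-!usr!bin!file' 'name.core'
printf 'new kernel: owner=%s dumpable=%s name=%s\n' "$CORE_OWNER" "$CORE_DUMPABLE" "$CORE_NAME"
```

If a kernel splits the template before expanding it, the whole name arrives as a single argument after "--" and the same code handles it unchanged, so the script does not need to know which splitting order the running kernel uses.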