[systemd-bugs] [Bug 65382] src/shared/dev-setup.c is creating /dev/core symlink without checking if /proc/kcore is present
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Wed Jun 5 22:05:06 PDT 2013
https://bugs.freedesktop.org/show_bug.cgi?id=65382
--- Comment #5 from Lennart Poettering <lennart at poettering.net> ---
(In reply to comment #4)
> (In reply to comment #3)
> > sorry. but we do not support out-of-tree kernel patches in systemd like
> > this, where there's no clear perspective that they might ever go in. Please
> > work with the grsecurity folks first to get their patches into the kernel
> > proper before we can deal with this in systemd. this is true especially as
> > there isnt really any behavioral impliciation of not fixing this as you get
> > ENOENT either way.
> >
> > Sorry.
>
> Ok, even without patching vanilla kernel with grsecurity or any other
> hardening patches, /proc/kcore could be disabled in kernel config as a
> security precaution.
Oh, there is such a kernel config option available without gresecurity? What's
its name?
> From my perspective I can understand different scenarios where this file is
> missing. Though I can not understand you desire to keep broken symlinks in
> /dev/ 'just because'. Does udev really need this symlink to work properly?
> Or maybe some other applications need it? Removing this broken symlink will
> trigger EACCES rather than ENOENT so my guess is no harm for applications
> would be done.
Well, the kernel maintains /proc/kcore, and if this cannot be turned off in
normal kernels then I see no reasons to support not creating the symlink for
it. We do not support patched kernels like this, that's all.
If disabling kcore is indeed available as an option in vanilla kernels, then
this would change the story however.
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20130606/0685a69b/attachment.html>
More information about the systemd-bugs
mailing list