oss-sec mailing list archives
Re: Re: Asserts considered harmful (or GMP spills its sensitive information)
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 2 Jan 2019 16:53:16 -0500
On Tue, Jan 1, 2019 at 7:42 AM Simon McVittie <smcv () debian org> wrote:
On Tue, 01 Jan 2019 at 12:07:17 +0100, Niels Möller wrote:A security sensitive application can easily disable generation of core files, using setrlimit (on the linux kernel, prctl may also be useful).If you want to avoid core dumps being recorded on Linux in the presence of system configuration that writes them into a pipe to a command instead of to a core file (systemd-coredump, corekeeper, abrt, apport etc., using a string starting with | in /proc/sys/kernel/core_pattern), then you need to use prctl PR_SET_DUMPABLE. Setting RLIMIT_CORE to 0 prevents the kernel from creating core dump files itself, but does not prevent it from writing them to pipes.
This is kind of interesting. It looks like systems running systemd with coredumpctl store the dumps in journald. Systemd does not appear to offer a way to clear them, so a '/var/log/journal/*/*' is needed. $ cat coredump.c #include <stdio.h> #include <assert.h> int main(int argc, char* argv[]) { char password[128]; printf("Please enter your password:\n"); if(fgets(password, sizeof(password), stdin) != NULL) { /* do some real work, detect an error condition, then... */ assert(0); } return 0; } $ gcc coredump.c -o coredump.exe $ ./coredump.exe Please enter your password: supersecretpassword coredump.exe: coredump.c:11: main: Assertion `0' failed. Aborted (core dumped) $ coredumpctl list TIME PID UID GID SIG COREFILE EXE Wed 2019-01-02 16:23:15 EST 10827 1000 1000 6 present /home/jwalton/... $ coredumpctl -o coredump.exe.core dump 10827 PID: 10827 (coredump.exe) UID: 1000 (jwalton) GID: 1000 (jwalton) Signal: 6 (ABRT) $ strings coredump.exe.core | grep supersecret supersecretpassword supersecretpassword
Current thread:
- Re: Asserts considered harmful (or GMP spills its sensitive information) Matthew Fernandez (Jan 01)
- Disabling ptrace (was Re: [oss-security] Asserts considered harmful (or GMP spills its sensitive information)) Niels Möller (Jan 01)
- Re: Disabling ptrace Jakub Wilk (Jan 02)
- Re: Disabling ptrace Niels Möller (Jan 02)
- Re: Disabling ptrace Jakub Wilk (Jan 02)
- <Possible follow-ups>
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) Simon McVittie (Jan 01)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) halfdog (Jan 01)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 02)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) halfdog (Jan 02)
- Re: Re: Asserts considered harmful (or GMP spills its sensitive information) Simon McVittie (Jan 01)
- Disabling ptrace (was Re: [oss-security] Asserts considered harmful (or GMP spills its sensitive information)) Niels Möller (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Vincent Lefevre (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Torbjörn Granlund (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 01)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 06)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Jan 06)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Niels Möller (Jan 01)