From a16d12d27e5c12f3e4ab5defaf775a692c405206 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 11 Nov 2015 13:19:35 +0100
Subject: [PATCH] ccpp: make crashes of processes with locked memory
 not-reportable
Let's begin with a simple policy preventing users from accidental
publication of problem data with security sensitive data.

"not-reportable" problems can still be auto-reported. That is not a
security issue because uReports do not contain any user data stored in
process' memory (only stack-trace without values of local|global variables
and function arguments).
Related to #796.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/hooks/abrt-hook-ccpp.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 809b45e..4b79900 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -868,6 +868,27 @@ int main(int argc, char** argv)
 
         dd_save_text(dd, FILENAME_ABRT_VERSION, VERSION);
 
+        /* In case of errors, treat the process as if it has locked memory */
+        long unsigned lck_bytes = ULONG_MAX;
+        const char *vmlck = strstr(proc_pid_status, "VmLck:");
+        if (vmlck == NULL)
+            error_msg("/proc/%s/status does not contain 'VmLck:' line", pid_str);
+        else if (1 != sscanf(vmlck + 6, "%lu kB\n", &lck_bytes))
+            error_msg("Failed to parse 'VmLck:' line in /proc/%s/status", pid_str);
+
+        if (lck_bytes)
+        {
+            log_notice("Process %s of user %lu has locked memory",
+                        pid_str, (long unsigned)uid);
+
+            dd_mark_as_notreportable(dd, "The process had locked memory "
+                    "which usually indicates efforts to protect sensitive "
+                    "data (passwords) from being written to disk.\n"
+                    "In order to avoid sensitive information leakages, "
+                    "ABRT will not allow you to report this problem to "
+                    "bug tracking tools");
+        }
+
         if (setting_SaveBinaryImage)
         {
             if (save_crashing_binary(pid, dd))
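
Review bot: The strstr(proc_pid_status, "VmLck:") lookup at the top of the added block is not anchored to the start of a line, so it returns the first occurrence of that text anywhere in the status buffer, which is not guaranteed to be the VmLck field itself. Because the parsed value gates whether the problem is marked not-reportable, search for "\nVmLck:" or walk the buffer line by line so that only the real field is parsed. Separately, lck_bytes receives the number that precedes "kB", so the name does not match the unit; lck_kb would be clearer. Keep the ULONG_MAX default: treating a missing or unparsable line as locked memory is the safe failure direction for this check.
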
-- 
2.6.3