From ab4351808352e00d72a7fd948e3e923d08e1a0fc Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Wed, 30 Sep 2015 12:19:48 +0200 Subject: [PATCH] ccpp: ignore crashes of ABRT binaries if DebugLevel == 0 Prior this commit abrt-hook-ccpp was saved core file of any crashed process executing program whose name starts with "abrt" in DUMP_LOCATION. ABRT does not check size constraints of these core files, so the files could consume an uncontrolled amount of disk space. Related to CVE-2015-5287 Related: #1262252 Signed-off-by: Jakub Filak --- src/hooks/abrt-hook-ccpp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c index 12b3f118..7a19cc2 100644 --- a/src/hooks/abrt-hook-ccpp.c +++ b/src/hooks/abrt-hook-ccpp.c @@ -842,6 +842,13 @@ int main(int argc, char** argv) const char *last_slash = strrchr(executable, '/'); if (last_slash && strncmp(++last_slash, "abrt", 4) == 0) { + if (g_settings_debug_level == 0) + { + log_warning("Ignoring crash of %s (SIG%s).", + executable, signame ? signame : signal_str); + goto finito; + } + /* If abrtd/abrt-foo crashes, we don't want to create a _directory_, * since that can make new copy of abrtd to process it, * and maybe crash again... -- 1.8.3.1