Solved Core dumps on my /home/username/ !??!?

fbsd_

Ok so FreeBSD secures memory and makes it unreadable to non-root users. But by default FreeBSD comes with "ulimit = unlimited" and I think that can make normal users able to read other apps' memory. No code execution maybe, but core dumps can include special information about applications and that may be a problem with FreeBSD?
I stopped core dumps by running this command:
ulimit -c 0

This command disables core dumps completely but I want to change the core dumps directory. By the way I'm thinking it's a problem while using FreeBSD as a daily system that any process can read other processes' information by finding a way to crash them.

MY QUESTION:
HOW CAN I CHANGE CORE DUMPS DIRECTORY

I want to make it dump them to /tmp
They are large files so I guess dumping them to /tmp would be better.

I'm thinking to change chown of the tmp/dumps directory so that must protect them from attacks.
 

Tieks

Application dumps in a home directory don't seem a problem to me. A user knows what he or she entered. But maybe this will help: man crash and man dumpon.
 

Alexander88207

Hello,

afaik, to change the directory of your core files, add this to /etc/sysctl.conf:

kern.corefile=/your/new/directory

Please note that it has to be a path where your $USER has write access.
 

Alain De Vos

Or if you don't want cores,
Code:
kern.coredump=0                          #disable coredump 
kern.corefile=/dev/null
 
fbsd_

I read this as Tieks mentioned.
This solves it (as Alexander told):
kern.coredump=/tmp
To disable dumps:
ulimit -c 0
or another way to disable them is (as Alain De Vos told):
kern.coredump=0

By the way kern.coredump is the same on Linux too. FreeBSD is really like Linux except hard drive support lol
They require root permission too, and like Alexander told, they require the user to have permission to write the core dump to that path
 
fbsd_

Hello,

afaik, to change the directory of your core files, add this to /etc/sysctl.conf:

kern.corefile=/your/new/directory

Please note that it has to be a path where your $USER has write access.
Yea but for example I want to make my core files not readable by the user without using chmod kinda things. I mean I want to save to a place owned by root. So is it possible to do something like that (without using extra scripts)?
Thanks...
 

Alexander88207

Yea but for example I want to make my core files not readable by the user without using chmod kinda things. I mean I want to save to a place owned by root. So is it possible to do something like that (without using extra scripts)?
Thanks...

I'm sorry, I can't answer that question.
 

PMc

Yea but for example I want to make my core files not readable by the user without using chmod kinda things. I mean I want to save to a place owned by root. So is it possible to do something like that (without using extra scripts)?
Thanks...
That would need a worn device (write-once-read-never).
 

T-Daemon

Yea but for example I want to make my core files not readable by the user without using chmod kinda things. I mean I want to save to a place owned by root. So is it possible to do something like that (without using extra scripts)?
Thanks...
Maybe this is what you are looking for:

core(5)
Code:
EXAMPLES
     In order to store all core images in per-user private areas under
     /var/coredumps, the following sysctl(8) command can be used:

           sysctl kern.corefile=/var/coredumps/%U/%N.core

'per-user private areas' suggests that by the format specifier '%U' (process UID) created directories are readable by the UID owner, and root only.

Also have a look at the other format specifiers, the one or other could be useful.
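
A sketch of the core(5) setup quoted above, added here as an example (not code from the thread or from FreeBSD): it expands a kern.corefile template to show where a core would land and pre-creates a mode-0700 per-UID directory for it. The function names are hypothetical, and it assumes the kernel does not create missing directories named by the template, so they are made ahead of time.

```shell
#!/bin/sh
# Expand a kern.corefile template. Only %N (process name), %P (PID),
# %U (UID) and %% are handled here; core(5) lists the other specifiers.
expand_corefile() {
    tmpl=$1; name=$2; pid=$3; uid=$4; out=
    while [ -n "$tmpl" ]; do
        case $tmpl in
            %N*) out=$out$name; tmpl=${tmpl#"%N"} ;;
            %P*) out=$out$pid;  tmpl=${tmpl#"%P"} ;;
            %U*) out=$out$uid;  tmpl=${tmpl#"%U"} ;;
            %%*) out=$out%;     tmpl=${tmpl#"%%"} ;;
            *)   rest=${tmpl#?}; out=$out${tmpl%"$rest"}; tmpl=$rest ;;
        esac
    done
    printf '%s\n' "$out"
}

# Create <base>/<uid> with mode 0700; when run as root, also hand the
# directory to that UID so the crashing process can write its core there.
prepare_core_dir() {
    dir=$1/$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then chown "$2" "$dir" || return 1; fi
    printf '%s\n' "$dir"
}

# True when neither group nor others have any access to the directory.
is_private() {
    case $(ls -ld "$1") in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a scratch directory with constructed values (process "firefox",
# PID 1234) and the current UID. On a real system the base would be
# /var/coredumps and this would run as root once per user.
base=$(mktemp -d)
uid=$(id -u)
prepare_core_dir "$base" "$uid" >/dev/null
is_private "$base/$uid" && echo "private: $base/$uid"
expand_corefile "$base/%U/%N.core" firefox 1234 "$uid"
rm -rf "$base"
```
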
 
fbsd_

Maybe this is what you are looking for:

core(5)
Code:
EXAMPLES
     In order to store all core images in per-user private areas under
     /var/coredumps, the following sysctl(8) command can be used:

           sysctl kern.corefile=/var/coredumps/%U/%N.core

'per-user private areas' suggests that by the format specifier '%U' (process UID) created directories are readable by the UID owner, and root only.

Also have a look at the other format specifiers, the one or other could be useful.
Yea this was exactly what I was looking for. Now core dumps are more secure I think. I don't think any virus exists for stealing them from our home area but I'm sure it will be more secure to store them without being visible to normal users
 

ralphbsz

What are you trying to secure the core dumps against?

Core dumps contain the memory the user's program was using when it crashed. By construction, the user can read all that memory. Making core dumps unreadable is like closing the bathroom window after the horse left through the barn door. Sure, it contains details about applications ... but those were by construction readable by the user, otherwise they wouldn't have loaded them into memory in the first place.
 
fbsd_

What are you trying to secure the core dumps against?

Core dumps contain the memory the user's program was using when it crashed. By construction, the user can read all that memory. Making core dumps unreadable is like closing the bathroom window after the horse left through the barn door. Sure, it contains details about applications ... but those were by construction readable by the user, otherwise they wouldn't have loaded them into memory in the first place.
Yea that might be another look but while using a program we can enter passwords or things like that, and when it core dumps I guess it can contain a lot of information about what we did in the past. It's like saving important passwords to the computer with no encryption or something like that. And I didn't know they were readable by the user... How are they readable by the user without root?
 

ralphbsz

Yea that might be another look but while using a program we can enter passwords or things like that, and when it core dumps I guess it can contain a lot of information about what we did in the past.
OK, I buy that argument, somewhat. If a program is working on a password (or similar, like a secret encryption key), it has it in memory. Best practice is to overwrite the cleartext password in memory after it is no longer needed, so if code is written correctly, the secret information should only be in memory for a very short time. Still, while the probability is low that a core dump will happen during that short period, it is possible.

(About the program executable)
And I didn't know they were readable by the user... How are they readable by the user without root?
If a user can execute a program, they can also read it. Reading it into memory is required before executing it.

But what is the threat here? Nearly all programs run on typical machines are downloaded from the web, either in source or binary form. Say you are worried about a vulnerability in the ls program, namely that if the user gets hold of the core dump they might be able to decompile the binary and find that vulnerability. But for an attacker, that would be silly: much easier to just download the source code of "ls" and all the libraries it uses, and read it, cover to cover.
 
fbsd_

OK, I buy that argument, somewhat. If a program is working on a password (or similar, like a secret encryption key), it has it in memory. Best practice is to overwrite the cleartext password in memory after it is no longer needed, so if code is written correctly, the secret information should only be in memory for a very short time. Still, while the probability is low that a core dump will happen during that short period, it is possible.

(About the program executable)

If a user can execute a program, they can also read it. Reading it into memory is required before executing it.

But what is the threat here? Nearly all programs run on typical machines are downloaded from the web, either in source or binary form. Say you are worried about a vulnerability in the ls program, namely that if the user gets hold of the core dump they might be able to decompile the binary and find that vulnerability. But for an attacker, that would be silly: much easier to just download the source code of "ls" and all the libraries it uses, and read it, cover to cover.
Yea, like running with gdb for example, I guess, for reading memory... And you are right, it's not a very big situation, or maybe not a situation, because of how long they can store secret information in memory, like ralphbsz said. And yea, which attacker will make a virus for FreeBSD and read core dumps lol. Even people who use FreeBSD are able to close or change the core dumps area. It might be only good for finding vulnerabilities, yea lol. I'm hoping programmers are being careful to store important information in memory for only a short time. And yea, there are easier ways to read memory. They don't have to search for core dumps on the system for information stealing.
 