LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-31-2018, 11:36 AM   #1
sk_azeem
LQ Newbie
 
Registered: Oct 2018
Posts: 4

Rep: Reputation: Disabled
Restricting sensitive information in the core dumps


Hi,

I am trying to find a way for removing sensitive information from the core dumps.
I am aware that best way to avoid this problem is to disable core dumps in the system.

Other than this are there any options which are system specific(not individual process specific) for removing sensitive information from the core dumps?

Any help or suggestions in this direction are appreciated.

Thanks & regards,
Azeem
 
Old 10-31-2018, 12:31 PM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,139

Rep: Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307
A little work with sed? IPs, email addresses, etc can get replaced by 'redacted'?
 
Old 11-01-2018, 04:32 AM   #3
sk_azeem
LQ Newbie
 
Registered: Oct 2018
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks for your quick reply.

I think for using these solution we have to be aware of all sensitive fields and it has to be continuous process to update any newly added field.
Is there something that we can do based on the type of data like all private variables are not dumped in core dump?

Thanks & regards,
Azeem
 
Old 11-01-2018, 06:12 AM   #4
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,684

Rep: Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274
I'm not really sure I understand that. How do you know about "all sensitive fields", how do you know about "newly added field"? What do you mean by variable at all? Do you know how the data handled by a [any] process stored in the memory at all? And what about shared memory, what about cache and other things (like database, remote drives....)
 
Old 11-01-2018, 12:01 PM   #5
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,139

Rep: Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307Reputation: 2307
Quote:
Originally Posted by sk_azeem View Post
Thanks for your quick reply.

I think for using these solution we have to be aware of all sensitive fields and it has to be continuous process to update any newly added field.
Is there something that we can do based on the type of data like all private variables are not dumped in core dump?

Thanks & regards,
Azeem
I was thinking of users, passwords, email addresses - externally accessible information. If you're into restricting private variables only available, I presume, in your source code, my advice is to restrict the core dump circulation. My answer related purely to GPL or soon-to-be GPL software where source will be available. Do I gather that's not your use case?
 
Old 11-01-2018, 12:38 PM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,876
Blog Entries: 13

Rep: Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930
If you're talking about a GCC core file, it is a binary file.

Perhaps there is a structure that is explained in the GCC utilities or source. Perhaps even more globally for debuggers in general because I'm betting that the GCC utilities would have decided to employ standard output information for compiled code debug, if anything like that exits.

I suspect what you're talking about is sensitive data that a program can access. For instance: say a database program crashed, generated a core file, and then there may be copies of record data in the core file which will be viewable when someone debugs the file. Whether or not the person debugging is entitled to view this data would be one question. The other question would be whether or not any data of that nature would be able to be extracted by someone possessing the core file.

I feel that you may possibly be capable of vetting this type of data from a core file, however you would have to re-write the process which creates a core file, and either (A) take an existing core file, decode it, remove the data, and then re-write it, or (B) alter the overall generation of a core file by altering the libraries on the system running them.

Seems like option A would be the way to go here, but it clearly is a lot of work.

The obvious is that any core file containing potentially sensitive information of any type should be afforded the same levels of protection that the sensitive information receives. Why? Because with the correct support files, it is very easy to analyze a core file, and thus view any copies of data, sensitive or not, contained within the core file.

And, No. I'm not aware of any existing capability to do this.
 
Old 11-01-2018, 04:04 PM   #7
sk_azeem
LQ Newbie
 
Registered: Oct 2018
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
I'm not really sure I understand that. How do you know about "all sensitive fields", how do you know about "newly added field"? What do you mean by variable at all? Do you know how the data handled by a [any] process stored in the memory at all? And what about shared memory, what about cache and other things (like database, remote drives....)
Sensitive fields I mean like email addresses, phone numbers, etc. If I know in my application these are sensitive fields and I choose type as private.

If my understanding is correct it is suggested that after the post core dump I use commands like sed to purge values of these sensitive variables.

If new sensitive field is introduced in the application then I need to again update sed command.

I need your help in understanding this ...

In the core dump manual page I found something like below(http://man7.org/linux/man-pages/man5/core.5.html)

*************************************************************************************
Controlling which mappings are written to the core dump
Since kernel 2.6.23, the Linux-specific /proc/[pid]/coredump_filter
file can be used to control which memory segments are written to the
core dump file in the event that a core dump is performed for the
process with the corresponding process ID.

The value in the file is a bit mask of memory mapping types (see
mmap(2)). If a bit is set in the mask, then memory mappings of the
corresponding type are dumped; otherwise they are not dumped.
The
bits in this file have the following meanings:

bit 0 Dump anonymous private mappings.
bit 1 Dump anonymous shared mappings.
bit 2 Dump file-backed private mappings.
bit 3 Dump file-backed shared mappings.
bit 4 (since Linux 2.6.24)
Dump ELF headers.
bit 5 (since Linux 2.6.28)
Dump private huge pages.
bit 6 (since Linux 2.6.28)
Dump shared huge pages.
bit 7 (since Linux 4.4)
Dump private DAX pages.
bit 8 (since Linux 4.4)
Dump shared DAX pages.
*************************************************************************************

I am not able to understand these mapping correctly, so wanted to take opinion is this something I can use for the need in the subject.

Thanks & regards,
Azeem
 
Old 11-01-2018, 04:43 PM   #8
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,684

Rep: Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274
do you mean applications written in C (or C++)? Or something else? Do you want to handle your own apps, or some "external" ones?
 
Old 11-05-2018, 03:46 AM   #9
sk_azeem
LQ Newbie
 
Registered: Oct 2018
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
do you mean applications written in C (or C++)? Or something else? Do you want to handle your own apps, or some "external" ones?
Yes, I mean a program written in C++.

Thanks & regards,
Azeem
 
Old 11-14-2018, 08:53 AM   #10
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,198

Rep: Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307Reputation: 5307
Quote:
Originally Posted by sk_azeem View Post
If I know in my application these are sensitive fields and I choose type as private.
Is the scope of this entirely for your own applications?

Just fix the crash bugs, and you won't have to worry about the core dumps.

If the use case here is what I think it is, on the other hand (you have a third party program that's crashing, and you want to scrub sensitive information from the core dumps before sending them to the vendor), then honestly, I'd say ask what the vendor says.

Last edited by dugan; 11-14-2018 at 08:54 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Core Dumps jmukhtar Linux - Kernel 5 01-26-2011 05:11 AM
How do I redirect core dumps? felbvts Red Hat 4 06-29-2009 11:17 PM
Want to create a directory for storing personnal sensitive information,(openSuSe) edmondgyampoh Linux - Newbie 5 05-18-2009 12:41 PM
Core dumps amitktd Solaris / OpenSolaris 2 05-31-2007 12:39 AM
Ps dumps core in linux 2.4.22 rbecker Linux - General 2 01-04-2006 11:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration