oss-sec mailing list archives

Re: Local information disclosure in apport and systemd-coredump


From: Zbigniew Jędrzejewski-Szmek <zbyszek () in waw pl>
Date: Tue, 10 Jun 2025 07:06:58 +0000

Hi Alexander,

On Fri, Jun 06, 2025 at 03:20:27AM +0200, Solar Designer wrote:
> In your message to linux-distros, you shared these two patches:
>
> 0001-coredump-get-rid-of-_META_MANDATORY_MAX.patch
> 0003-coredump-also-stop-forwarding-non-dumpable-processes.patch
>
> So it looks like you omitted patch number 2.  Yet to me that omitted
> patch would have been the most important part of the fix.  Was this
> omission inadvertent, or am I missing some reason to skip that patch?

Hmmm, the mail I see here in my mail folder has the middle patch too
(Message-ID: <aDRxuOl3_j0infhz () kawka3 in waw pl>). I'm not subscribed
to linux-distros so I didn't see the message as it was received on
the mailing list.

> I think it's these 3 commits (as they appear in the main branch, and I
> see equivalent ones are also in v257-stable and v256-stable):
> commit 8fc7b2a211eb13ef1a94250b28e1c79cab8bdcb9
> commit 0c49e0049b7665bb7769a13ef346fef92e1ad4d6
> commit 49f1f2d4a7612bbed5211a73d11d6a94fbe3bb69

Yep, that's correct.

As you can see, we made a bunch of follow-ups later on. But those
three patches are enough to resolve the issue.

Zbyszek

