mirror of
https://github.com/apple/swift.git
synced 2025-12-14 20:36:38 +01:00
6c7eda887e
We should harden the output path setting so that it can't be used as part of an exploit to get a crashing process to overwrite a file at an attacker-controller path, or to divert the crash report to `/dev/null` to hide their tracks or other such undesirable activity. Take a copy of the setting at start-up and write-protect it to prevent attackers overwriting it. Note that we already protect against attempts to trigger the backtracer from privileged programs (both on Darwin and Linux); this is really a belt and braces measure to make life harder for attackers. rdar://136977833
6.7 KiB
6.7 KiB