Re: coredumps on setuid programs.

a.beckettfml.co.uk

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Christopher Klaus: "Bad Advise"
• Previous message: Christopher Davis: "Re: Is starting a user program on priv port via inetd dangerous ?"
• In reply to: George Boyce: "Re: coredumps on setuid programs."

In article AA12832csteam.com, George Boyce <georgecsteam.com> () writes:
> > >From the man page:
> 
> Isn't quoting documentation on a bug mailing list like, um, trusting
> that there aren't bugs in the first place? I mean the vendors ship
> systems which allow worldwide root access. How do you know some hacker
> didn't *write* the man page you are reading...
> 

You may have noticed that Dylan also said:

> I tried something quick this morning under Solaris 2.3, and it does
> not produce core files from setuid programs.

Like me, he tried it _as_well_as_ checking the man page. Of course, I'd wouldn't
even believe a manual page even if it was genuine; it's not entirely unheard of
for sun to break a security feature (never, I hear you say!).


*******************************************************************
* Andrew Beckett                *                                 *
* Senior Design Engineer        *                                 *
* Fujitsu Microelectronics Ltd  *                                 *
* Highway House                 * phone    : (0628) 71116         *
* Norreys Drive                 * fax      : (0628) 773990        *
* Maidenhead. Berks SL6 4BW     * email    : a.beckettfml.co.uk  *
*******************************************************************

• Next message: Christopher Klaus: "Bad Advise"
• Previous message: Christopher Davis: "Re: Is starting a user program on priv port via inetd dangerous ?"
• In reply to: George Boyce: "Re: coredumps on setuid programs."