Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: sysctl knob to let sugid processes dump core (pr 15994)
From: Greg Troxel (gdtir.bbn.com)
Date: Fri Jan 13 2006 - 11:34:45 CST
I like the idea of both default owner and default directory to save the
coredumps of sugid processes.
That sounds complicated. How about just make them owned by root and
0400, and put them where they would have gone if not suid? Anyone who
is debugging suid stuff and wants core dumps can become root to deal
with the core dump. And, there's less to go wrong security-wise than
managing more defaults.
Greg Troxel <gdtir.bbn.com>