Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Bill Studenmund <wrstuden@NetBSD.org>
From: Garrett D'Amore <garrett_damore@tadpole.com>
List: tech-security
Date: 01/13/2006 12:31:15
Bill Studenmund wrote:
>On Fri, Jan 13, 2006 at 11:16:43AM -0800, Garrett D'Amore wrote:
>
>>Elad Efrat wrote:
>>
>>>Garrett D'Amore wrote:
>>>
>>>>These checks maybe should be enabled by yet another sysctl, in case some
>>>>site has some special reason not to enforce them.
>>>>
>>>It seems like this is getting way too bloated. The original request was
>>>for a knob to be used on development machines; I'm not sure who would
>>>want to enable such a feature on a production box.
>>>
>>>The suggestion of setting a directory and owner via sysctl seems enough
>>>for me; root should take care of anything around it.
>>>
>>Here's the scenario I see, and it should be thought out:
>>
>
>I agree that it'd be nice to support the scenario you describe. However
>let's do this in steps. I think that adding a way to enable set-id cores
>is a good first step. Also, I don't think the proposed sysctls will impair
>supporting the scenario you describe, so let's add it/them now. :-)
>
I agree that stepwise is a reasonable idea, but if we do that, we need
to "in the interim" describe the limitations/considerations in the man
page. For my 2 cents, it's easier to just add an extra sysctl.
Btw, we might want kern.defcorename and a new kern.defsuidcorename
sysctl; the latter can use a full path name, without impairing ordinary
behavior that we are all used to for non-suid processes.
-- Garrett
>Also, we have the kern.defcorename sysctl now. If we want things in a
>specific directory, why not just put a full path in there? That way we
>wouldn't need a new sysctl. :-)
>
>Take care,
>
>Bill
>
--
Garrett D'Amore http://www.tadpolecomputer.com/
Sr. Staff Engineer Extending the Power of 64-bit UNIX Computing
Tadpole Computer, Inc. Phone: (951) 325-2134