Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: None <tech-security@NetBSD.org, tech-kern@NetBSD.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 01/24/2006 17:07:07

On Tue, Jan 24, 2006 at 09:44:17PM +0100, Bernd Ernesti wrote:
> On Tue, Jan 24, 2006 at 06:33:27PM +0200, Elad Efrat wrote:
> > Since there are no objections, I'll soon commit the posted code
> > (without any new sysctl constants)...
> 
> Changing these settings should depend on kern.securelevel.

Yes, we've been through this before.  It certainly should not be
possible to change these at securelevel > 0, or we will introduce
a regression in the security model.

-- 
  Thor Lancelot Simon	                                     tls@rek.tjls.com

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart