Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: Karl Denninger <karl@Mcs.Net>
From: David Greenman <dg@root.com>
List: tech-userlevel
Date: 10/18/1996 10:11:22
>If you're arguing for no core dumps of anything which could contain
>sensitive data, then the bottom line is that you have to decline any of the
>following:
>
>1) ptrace() on any process which was STARTED Suid (not "currently is"
> SUID). This precludes debugging on a process in this state.
>
>2) Any process which starts with the SUID or SGID bit on must
> internally decline to dump core (regardless of ulimit settings) at
> all times -- both while SUID and *IF SUID IS REVOKED BY THE JOB*.
Yup. ...but perhaps the way this should work is by setting the process
coredump rlimit to 0 in these cases so that the program can explicitly turn
coredumps back on when debugging.
-DG
David Greenman
Core-team/Principal Architect, The FreeBSD Project