tech-userlevel: Re: cvs commit: src/lib/libc/db/hash hash

Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: Karl Denninger <karl@mcs.net>
From: Chris G Demetriou <Chris_G_Demetriou@ux2.sp.cs.cmu.edu>
List: tech-userlevel
Date: 10/18/1996 14:48:16

> If you're arguing for no core dumps of anything which could contain
> sensitive data, then the bottom line is that you have to decline any of the
> following:
> 
> 1)	ptrace() on any process which was STARTED Suid (not "currently is"
> 	SUID).  This precludes debugging on a process in this state.
> 
> 2)	Any process which starts with the SUID or SGID bit on must
> 	internally decline to dump core (regardless of ulimit settings) at
> 	all times -- both while SUID and *IF SUID IS REVOKED BY THE JOB*.

Not quite...

(1) should be "ptrace() by non-root"...

and you forgot:

(3) access via procfs by non-root to any process which was started
suid.



cgd