Subject: Re: setuid, core dumps, ftpd, and DB
To: Charles M. Hannum <mycroft@mit.edu>
From: Poul-Henning Kamp <phk@critter.tfs.com>
List: tech-userlevel
Date: 10/20/1996 08:40:24

Charles,

It was pointed out by me already 8 years ago:

    "[...] core-dumps as default is an evil thing. There should be
    some way to >enable< core-dumps when you want them, rather than
    have them as default. This would also solve security issue
    where a core-dump may contain sensitive information. [...]"

What we need is really a new syscall:

    procctl(pid, function, arg)

with the following functions:

    PROCCTL_NOCORE
        disable core-dumping (arg not used)

    PROCCTL_CORE
        enable core-dumping (arg not used)

    PROCCTL_NEVERCORE
        disables core-dumping, and it cannot be reenabled
        until after next exec (arg not used)

    PROCCTL_CORENAME
        (arg is pathname to use for corefile)

--
Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox.
whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
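
Added example, not part of the original message and not the proposed syscall: an approximation of the first three functions for the calling process only, using the POSIX setrlimit(RLIMIT_CORE) interface. The function names are hypothetical; PROCCTL_CORENAME and the pid argument have no counterpart here.

```c
/* Added example: core-dump control for the calling process via RLIMIT_CORE.
 * Function names are hypothetical; only getrlimit/setrlimit are real APIs. */
#include <stdio.h>
#include <sys/resource.h>

/* Current soft/hard core-size limits; a soft limit of 0 means no core file. */
rlim_t core_soft(void)
{
    struct rlimit r;
    return getrlimit(RLIMIT_CORE, &r) == 0 ? r.rlim_cur : 0;
}

rlim_t core_hard(void)
{
    struct rlimit r;
    return getrlimit(RLIMIT_CORE, &r) == 0 ? r.rlim_max : 0;
}

/* Roughly PROCCTL_NOCORE: soft limit 0, hard limit untouched (reversible). */
int core_disable(void)
{
    struct rlimit r;
    if (getrlimit(RLIMIT_CORE, &r) != 0)
        return -1;
    r.rlim_cur = 0;
    return setrlimit(RLIMIT_CORE, &r);
}

/* Roughly PROCCTL_CORE: raise the soft limit as far as the hard limit allows. */
int core_enable(void)
{
    struct rlimit r;
    if (getrlimit(RLIMIT_CORE, &r) != 0)
        return -1;
    r.rlim_cur = r.rlim_max;
    return setrlimit(RLIMIT_CORE, &r);
}

/* Roughly PROCCTL_NEVERCORE: hard limit 0, which an unprivileged process
 * cannot raise again. Differs from the proposal: the limit is inherited by
 * children and survives exec, so a setuid daemon should call this before
 * it reads any secret into memory. */
int core_never(void)
{
    struct rlimit r = { .rlim_cur = 0, .rlim_max = 0 };
    return setrlimit(RLIMIT_CORE, &r);
}
```

After core_never(), a later core_enable() succeeds but leaves the soft limit at 0, because the hard limit it copies is already 0.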