Subject: Re: setuid, core dumps, ftpd, and DB
To: Chris G Demetriou <Chris_G_Demetriou@ux2.sp.cs.cmu.edu>
From: Charles M. Hannum <mycroft@mit.edu>
List: tech-userlevel
Date: 10/20/1996 05:55:16
Chris G Demetriou <Chris_G_Demetriou@ux2.sp.cs.cmu.edu> writes:

>
> Charles, re: "is a core dump on this weird file system safe"?
> Actually, a good solution there might be a "NOCOREDUMP" mount flag, a
> la NOSUID and NOEXEC.  That has several advantages:

That sounds reasonable, as long as one keeps in mind that it doesn't
solve all of the problems.

It might also be nice to make the core dump location configurable.  I
could imagine having, e.g., a read-protected /var/core directory, so
that the system manager could inspect core dumps later, but they'd be
protected from snoopers, and wouldn't affect quotas.  (This wouldn't
be useful in some environments, though, like Athena.)

BTW, one thing I actually liked about NewsOS was that it changed the
`nodev' and `nosuid' flags to be affirmative (`devs' and `suid')
rather than negative.  This made it harder to make a system insecure
accidentally.
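The fail-safe-defaults point made in the last paragraph, as an added example that is not part of the original mail or of NetBSD: it models how an omitted flag grants a capability under the negative convention but withholds it under the affirmative one. The `nocoredump`/`coredump` option is the hypothetical flag proposed in this thread, not a real mount option.

```python
"""Fail-safe defaults in mount options: negative vs. affirmative flags.

Added example, not part of the original mail or of NetBSD. With negative
flags (nosuid, nodev, noexec) an omitted flag grants the capability; with
affirmative flags (suid, devs, exec) an omitted flag withholds it. The
'nocoredump'/'coredump' flag is the hypothetical one from the thread.
"""

# Capability -> option that withholds it (traditional, negative convention)
NEGATIVE_FLAG = {"suid": "nosuid", "devs": "nodev",
                 "exec": "noexec", "coredump": "nocoredump"}
# Capability -> option that grants it (NewsOS-style, affirmative convention)
AFFIRMATIVE_FLAG = {"suid": "suid", "devs": "devs",
                    "exec": "exec", "coredump": "coredump"}


def _split(options):
    """Turn an fstab-style 'rw,nosuid,quota' string into a set of options."""
    return {o.strip() for o in options.split(",") if o.strip()}


def granted_negative(options):
    """Capabilities granted under negative flags: all unless 'noXXX' is listed."""
    opts = _split(options)
    return {cap for cap, flag in NEGATIVE_FLAG.items() if flag not in opts}


def granted_affirmative(options):
    """Capabilities granted under affirmative flags: none unless 'XXX' is listed."""
    opts = _split(options)
    return {cap for cap, flag in AFFIRMATIVE_FLAG.items() if flag in opts}


def omission_exposure(options):
    """Capabilities the same option string grants by accident under the
    negative convention that the affirmative convention would withhold."""
    return granted_negative(options) - granted_affirmative(options)


if __name__ == "__main__":
    # Constructed fstab option strings for a user-writable home file system.
    careless = "rw,quota"                          # restrictions forgotten
    careful = "rw,quota,nosuid,nodev,nocoredump"   # restrictions spelled out
    print("negative, careless   :", sorted(granted_negative(careless)))
    print("negative, careful    :", sorted(granted_negative(careful)))
    print("affirmative, careless:", sorted(granted_affirmative(careless)))
    print("exposure from omission:", sorted(omission_exposure(careless)))
```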