Subject: SUGID bit in coredump()
To: None <tech-kern@NetBSD.ORG>
From: Curt Sampson <firstname.lastname@example.org>
Date: 10/18/1996 09:58:17

> Fri Oct 18 01:39:35 PDT 1996
> Update of /cvsroot/src/sys/kern
> In directory netbsd1:/var/slash-tmp/cvs-serv25445
> Modified Files:
> Log Message:
> in coredump(), check the SUGID bit rather than testing various parts
> of the cred structures. this prevents a previously set[gu]id process
> from generating a core file.

Does this also catch the situation where a process (say, ftpd)
starts as root, and then does a setuid/setgid to become a certain
user? If so, that solves the ftpd problem recently posted on BoS,
where you could convince ftpd to core dump and it would leave chunks
of /etc/master.passwd behind in the core file. In fact, it solves
that general class of problem.

Curt Sampson email@example.com Info at http://www.portal.ca/
Internet Portal Services, Inc.
Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.
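
Added example, not part of the original message and not NetBSD source: a user-space C model contrasting a dump-time comparison of credential fields with a sticky SUGID-style flag, for the two cases the thread raises (a set-id program, and a root daemon that drops to a user). The struct, the function names, uid 1001, the exact field comparison and the rule that the flag is set on every credential change are assumptions of the model.

```c
#include <stdio.h>

#define SUGID 0x1   /* model flag: credentials have changed at some point */

struct proc {       /* hypothetical, simplified process record */
    unsigned ruid, euid, svuid;
    int flags;
};

/* Model of exec of a set-uid file: effective/saved ids become the owner's. */
static void model_exec_setuid(struct proc *p, unsigned owner) {
    p->euid = p->svuid = owner;
    p->flags |= SUGID;
}

/* Model of setuid() by root: all ids change. Assumption: this sets the flag. */
static void model_setuid(struct proc *p, unsigned uid) {
    p->ruid = p->euid = p->svuid = uid;
    p->flags |= SUGID;
}

/* Policy A (assumed stand-in for "testing parts of the cred structures"). */
static int dump_allowed_by_creds(struct proc p) {
    return p.ruid == p.euid && p.ruid == p.svuid;
}

/* Policy B: refuse to dump if the credentials ever changed. */
static int dump_allowed_by_flag(struct proc p) {
    return !(p.flags & SUGID);
}

/* Daemon started as root that drops to uid 1001 (constructed value). */
static struct proc dropped_daemon(void) {
    struct proc p = {0, 0, 0, 0};
    model_setuid(&p, 1001);
    return p;
}

/* Set-uid-root program run by uid 1001 (constructed value). */
static struct proc setuid_binary(void) {
    struct proc p = {1001, 1001, 1001, 0};
    model_exec_setuid(&p, 0);
    return p;
}

int main(void) {
    struct proc d = dropped_daemon(), s = setuid_binary();
    printf("dropped daemon: creds=%d flag=%d\n", dump_allowed_by_creds(d), dump_allowed_by_flag(d));
    printf("set-uid binary: creds=%d flag=%d\n", dump_allowed_by_creds(s), dump_allowed_by_flag(s));
}
```

In the model, the dropped daemon ends with all three ids equal, so the field comparison permits a dump of memory that was filled while running as root; the flag remembers the change and refuses.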