Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Greg Troxel <gdt@ir.bbn.com>
From: Garrett D'Amore <garrett_damore@tadpole.com>
List: tech-kern
Date: 01/13/2006 10:12:18
Greg Troxel wrote:

>  I like the idea of both default owner and default directory to save the
>  coredumps of sugid processes.
>
>That sounds complicated.  How about just make them owned by root and
>0400, and put them where they would have gone if not suid?  Anyone who
>is debugging suid stuff and wants core dumps can become root to deal
>with the core dump.  And, there's less to go wrong security-wise than
>managing more defaults.
>
>  
>
Uh, have to be careful here about creating another issue of
symlink-based attacks.

I prefer to have the core dumps be owned by root, and stashed in a
special directory iff the following are true:

The directory (e.g. /var/core) is only writeable by root.
The directory's parent hierarchy is only writeable by root.

These checks maybe should be enabled by yet another sysctl, in case some
site has some special reason not to enforce them.

-- 
Garrett D'Amore                          http://www.tadpolecomputer.com/
Sr. Staff Engineer          Extending the Power of 64-bit UNIX Computing
Tadpole Computer, Inc.                             Phone: (951) 325-2134