tech-kern: Re: sysctl knob to let sugid processes dump core (pr 15994)

Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Elad Efrat <elad@NetBSD.org>
From: Garrett D'Amore <garrett_damore@tadpole.com>
List: tech-kern
Date: 01/23/2006 09:51:28

Elad Efrat wrote:

>Okay here's a newer patch..
>
>phyre:elad {47} sysctl security.setid_core
>security.setid_core.dump = 0
>security.setid_core.path = /var/crash/%n.core
>security.setid_core.owner = 0
>security.setid_core.group = 0
>security.setid_core.mode = 384
>phyre:elad {48}
>
>When dump is 1 set-id coredumps are enabled.
>Path is where they will be saved. It works *exactly* like
>kern.defcorename as Bill suggested, but affects only the set-id
>dumps.
>Owner and group are obvious, mode is *octal* (I'll add sysctl support
>for an octal printing flag like CTLFLAG_HEX).
>
>Defaults are dump=0, path=/var/crash/%n.core (we can add /var/core),
>owner=0, group=0, and mode=600.
>
>Comments?
>
>-e.
>
>  
>
I've not reviewed the code diffs, but this sounds like exactly the right
behavior.

-- 
Garrett D'Amore                          http://www.tadpolecomputer.com/
Sr. Staff Engineer          Extending the Power of 64-bit UNIX Computing
Tadpole Computer, Inc.                             Phone: (951) 325-2134