Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: tech-kern
Date: 01/25/2006 01:51:10
On Tue, Jan 24, 2006 at 05:07:07PM -0500, Thor Lancelot Simon wrote:
> On Tue, Jan 24, 2006 at 09:44:17PM +0100, Bernd Ernesti wrote:
> > On Tue, Jan 24, 2006 at 06:33:27PM +0200, Elad Efrat wrote:
> > > Since there are no objections, I'll soon commit the posted code
> > > (without any new sysctl constants)...
> > 
> > Changing these settings should depend on kern.securelevel.
> 
> Yes, we've been through this before.  It certainly should not be
> possible to change these at securelevel > 0, or we will introduce
> a regression in the security model.

How? Can a core overwrite an immutable file? This would be a bug
regardless of securelevel.

Pavel