Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Curt Sampson <cjs@cynic.net>
From: Brett Lymn <blymn@baesystems.com.au>
List: tech-kern
Date: 01/25/2006 11:21:32
On Wed, Jan 25, 2006 at 09:34:01AM +0900, Curt Sampson wrote:
> 
> What advantages do you see to making it depend on kern.securelevel? What
> threat model do you have here?
> 

That someone could tweak the knobs up and be able to harvest private
information from set*id cores.  I suppose the counter to that is only
root should be able to do this and if someone is root already... they
don't need to bother with surfing cores for neat stuff, mind you if
they can just get on, tweak the knobs, get off and then just wait for
the cores it may be less noticeable than a root user wandering about
the system.

-- 
Brett Lymn