Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 01/25/2006 21:47:37
On Thu, Jan 26, 2006 at 12:14:50AM +0100, Pavel Cahyna wrote:
> and data on the system". That's why it disables changing of file flags,
> /dev/mem, and mounted disks. ptrace() or coredumps have nothing to do with
> the TCB.
I'll respond to the rest of your message later, but there's one thing here
that's of note. The reason ptrace() of init is prohibited is expressly
to protect the TCB: attach a debugger to init, and you can yank securelevel
around -- game over.
--
Thor Lancelot Simon tls@rek.tjls.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart