Subject: Re: The reason for securelevel (was: sysctl knob to let sugid processes dump core (pr 15994))
To: None <tech-kern@NetBSD.org>
From: None <joerg@britannica.bec.de>
List: tech-kern
Date: 01/26/2006 15:34:12
On Thu, Jan 26, 2006 at 11:25:38AM +0100, Martin Husemann wrote:
> To be consistent, I think we also should have a sysctl knob that (dis-)allows
> root to ptrace(PT_ATTACH, ...) to suid processes, and forbid changing this
> setting at securelevel >= 1.

The reason I gave the ptrace argument was Thor's argument of setugid
coredumping creating a security regression. This is not the case for any
process but init, since the data can already be obtained directly via
ptrace.

I completely agree that securelevel >= 1 is already overloaded, but keep
another aspect in mind: making the variables read-only is not the best
option either. It should not be allowed to (re)activate them, but
disabling them should be entirely fine.

Joerg
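The distinction Joerg draws between a read-only knob and a one-way knob is easy to get wrong in a sysctl handler, so here is an added illustration (example code, not NetBSD's sysctl implementation). It models a hypothetical `sugid_coredump` knob with two write policies: one that refuses every write once securelevel reaches 1, and one that still accepts writes that turn the knob off but refuses writes that turn it back on. The globals, function names and the `sugid_coredump` knob itself are constructed for the example.

```c
/* Added example: one-way vs. read-only sysctl semantics under securelevel.
 * Not NetBSD code; the knob name and handlers are hypothetical. */
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins for kernel state. */
static int securelevel = 0;      /* may only rise, as in the real kernel */
static int sugid_coredump = 1;   /* hypothetical knob: 1 = allowed */
static int readonly_knob = 1;    /* same kind of knob, stricter policy */

/* securelevel is monotonic: it can be raised but never lowered here. */
void raise_securelevel(int lvl)
{
    if (lvl > securelevel)
        securelevel = lvl;
}

int get_securelevel(void) { return securelevel; }
int get_sugid_coredump(void) { return sugid_coredump; }
int get_readonly_knob(void) { return readonly_knob; }

/* Policy A (what the mail argues against): fully read-only at securelevel >= 1.
 * Even turning the feature off is refused, so an operator who forgot to
 * disable it before raising securelevel is stuck with it enabled. */
int readonly_knob_write(int newval)
{
    if (newval != 0 && newval != 1)
        return EINVAL;
    if (securelevel >= 1)
        return EPERM;
    readonly_knob = newval;
    return 0;
}

/* Policy B (what the mail proposes): at securelevel >= 1 the knob may be
 * disabled but not re-enabled. A write is refused only if it would move
 * the knob from 0 to 1. */
int sugid_coredump_write(int newval)
{
    if (newval != 0 && newval != 1)
        return EINVAL;
    if (securelevel >= 1 && newval > sugid_coredump)
        return EPERM;            /* re-enabling is the privileged direction */
    sugid_coredump = newval;
    return 0;
}

int main(void)
{
    printf("securelevel 0: disable sugid_coredump -> %d\n", sugid_coredump_write(0));
    printf("securelevel 0: re-enable             -> %d\n", sugid_coredump_write(1));
    raise_securelevel(1);
    printf("securelevel 1: disable               -> %d\n", sugid_coredump_write(0));
    printf("securelevel 1: re-enable (EPERM=%d)   -> %d\n", EPERM, sugid_coredump_write(1));
    printf("securelevel 1: read-only knob disable -> %d\n", readonly_knob_write(0));
    return 0;
}
```

The point of the contrast is in the two `if` lines: the read-only policy compares only securelevel, while the one-way policy compares securelevel together with the direction of the change, so lowering privilege remains possible after the system has been locked down.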