Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: SODA Noriyuki <soda@sra.co.jp>
From: Curt Sampson <cjs@cynic.net>
List: tech-kern
Date: 02/03/2006 17:45:06
On Fri, 3 Feb 2006, SODA Noriyuki wrote:
>>>>>> On Fri, 3 Feb 2006 17:27:59 +0900 (JST),
> Curt Sampson <cjs@cynic.net> said:
>
>> But security is special, because it's so important.
>
> You mean we should move existing nodes to the security tree?
> I don't like anything which introduces incompatibility...
Possibly. I'm not sure.
I don't like incompatabilities, either, but if a design is bad, I think
it's better to bear the pain and fix it, if we're sure the fix is the
proper one, and is much better. (I don't know that this is.)
> In that case, having a file like /usr/share/examples/sysctl/security,
> which lists all security related nodes, may be enough.
> Because you can see all settings by:
> sysctl `cat /usr/share/examples/sysctl/security`
Hm. Now that's a good idea.
cjs
--
Curt Sampson <cjs@cynic.net> +81 90 7737 2974
The power of accurate observation is commonly called cynicism
by those who have not got it. --George Bernard Shaw