Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Elad Efrat <>
From: Garrett D'Amore <>
List: tech-security
Date: 01/23/2006 09:51:28
Elad Efrat wrote:

>Okay here's a newer patch..
>phyre:elad {47} sysctl security.setid_core
>security.setid_core.dump = 0
>security.setid_core.path = /var/crash/%n.core
>security.setid_core.owner = 0
> = 0
>security.setid_core.mode = 384
>phyre:elad {48}
>When dump is 1 set-id coredumps are enabled.
>Path is where they will be saved. It works *exactly* like
>kern.defcorename as Bill suggested, but affects only the set-id
>Owner and group are obvious, mode is *octal* (I'll add sysctl support
>for an octal printing flag like CTLFLAG_HEX).
>Defaults are dump=0, path=/var/crash/%n.core (we can add /var/core),
>owner=0, group=0, and mode=600.
I've not reviewed the code diffs, but this sounds like exactly the right

Garrett D'Amore                
Sr. Staff Engineer          Extending the Power of 64-bit UNIX Computing
Tadpole Computer, Inc.                             Phone: (951) 325-2134
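
The knobs quoted above can be checked from `sysctl` output; the following is an added example, not part of the original message or the patch. The function name `audit_setid_core` and the three checks are this example's assumptions (including that a relative path template would place the core in the process's working directory), and the sample input is constructed from the values quoted in the message.

```shell
#!/bin/sh
# Added example: audit security.setid_core.* lines in "name = value" form
# (as sysctl prints them) read from stdin.
# Returns the number of findings; 0 means nothing was flagged.
audit_setid_core() {
    dump='' path='' owner='' mode='' findings=0
    while IFS= read -r line; do
        name=${line%% = *}
        value=${line#* = }
        case $name in
            security.setid_core.dump)  dump=$value ;;
            security.setid_core.path)  path=$value ;;
            security.setid_core.owner) owner=$value ;;
            security.setid_core.mode)  mode=$value ;;
        esac
    done
    if [ "$dump" != 1 ]; then
        echo "ok: set-id core dumps are disabled"
        return 0
    fi
    # Assumption: a relative template resolves against the process's cwd,
    # which the user who started the set-id program may control.
    case $path in
        /*) ;;
        *)  echo "finding: path '$path' is not absolute"
            findings=$((findings + 1)) ;;
    esac
    if [ "$owner" != 0 ]; then
        echo "finding: core owner is uid '$owner', not root"
        findings=$((findings + 1))
    fi
    # sysctl shows the mode in decimal (384 == 0600); 63 decimal == 077 octal.
    case $mode in
        ''|*[!0-9]*)
            echo "finding: mode is missing or not numeric"
            findings=$((findings + 1)) ;;
        *)  if [ $((mode & 63)) -ne 0 ]; then
                printf 'finding: mode %04o grants group/other access\n' "$mode"
                findings=$((findings + 1))
            fi ;;
    esac
    return "$findings"
}

# Constructed sample using the defaults quoted in the message.
audit_setid_core <<'EOF'
security.setid_core.dump = 0
security.setid_core.path = /var/crash/%n.core
security.setid_core.owner = 0
security.setid_core.mode = 384
EOF
```

On a live system the same function can read from `sysctl security.setid_core` directly.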