Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: None <tech-security@NetBSD.org, tech-kern@NetBSD.org>
From: Curt Sampson <email@example.com>
Date: 01/25/2006 09:34:01

On Tue, 24 Jan 2006, Bernd Ernesti wrote:
> Changing these settings should depend on kern.securelevel.

If you mean that one should not be able to change them above a certain
securelevel, I'm not so sure. After all, it's production machines
that are most likely to be running at a higher securelevel, and it's
production machines that are most likely to need this facility, since
if you could reproduce the bug on a development machine with a non-suid
version of the binary, you would hardly be likely to be trying to debug
on a production machine.

What advantages do you see to making it depend on kern.securelevel? What
threat model do you have here?

Curt Sampson <firstname.lastname@example.org> +81 90 7737 2974
The power of accurate observation is commonly called cynicism
by those who have not got it. --George Bernard Shaw