Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Brett Lymn <email@example.com>
From: Curt Sampson <firstname.lastname@example.org>
Date: 01/25/2006 09:53:31
On Wed, 25 Jan 2006, Brett Lymn wrote:
> On Wed, Jan 25, 2006 at 09:34:01AM +0900, Curt Sampson wrote:
>> What advantages do you see to making it depend on kern.securelevel? What
>> threat model do you have here?
> That someone could tweak the knobs up and be able to harvest private
> information from set*id cores. I suppose the counter to that is only
> root should be able to do this and if someone is root already...
Err...I had kinda assumed that only root could tweak these. What sysctl
knobs are there that someone other than root can tweak?
> ...mind you if they can just get on, tweak the knobs, get off and then
> just wait for the cores it may be less noticeable than a root user
> wandering about the system.
With a commonly-available rootkit, these users are not very noticable
Curt Sampson <email@example.com> +81 90 7737 2974
The power of accurate observation is commonly called cynicism
by those who have not got it. --George Bernard Shaw