Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: None <>
From: Thor Lancelot Simon <>
List: tech-security
Date: 01/25/2006 16:47:18
On Wed, Jan 25, 2006 at 10:41:57PM +0100, wrote:
> On Wed, Jan 25, 2006 at 01:28:10PM -0500, Thor Lancelot Simon wrote:
> > You could always change one line in the kernel and get this, if you wanted
> > it.  The difference, before, was that on a system running at securelevel 1
> > or higher, you would need access to the machine in single user mode to do
> > so, which allowed tightly constraining the set of potential attackers.
> How does a securelevel of >= 1 prevent a root process from using ptrace
> on the very same process you would have a coredump from?

That is a bug.