Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: None <firstname.lastname@example.org, email@example.com>
From: Pavel Cahyna <firstname.lastname@example.org>
Date: 01/26/2006 08:36:30

On Wed, Jan 25, 2006 at 09:47:37PM -0500, Thor Lancelot Simon wrote:
> On Thu, Jan 26, 2006 at 12:14:50AM +0100, Pavel Cahyna wrote:
> > and data on the system". That's why it disables changing of file flags,
> > /dev/mem, and mounted disks. ptrace() or coredumps have nothing to do with
> > the TCB.
> I'll respond to the rest of your message later, but there's one thing here
> that's of note. The reason ptrace() of init is prohibited is expressly
> to protect the TCB: attach a debugger to init, and you can yank securelevel
> around -- game over.

Yes, this sounds reasonable.