tech-security: Re: sysctl knob to let sugid processes dump core (pr 15994)

Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Curt Sampson <cjs@cynic.net>
From: SODA Noriyuki <soda@sra.co.jp>
List: tech-security
Date: 02/03/2006 17:38:03

>>>>> On Fri, 3 Feb 2006 17:27:59 +0900 (JST),
      Curt Sampson <cjs@cynic.net> said:

> But security is special, because it's so important. 

You mean we should move existing nodes to the security tree?
I don't like anything which introduces incompatibility...

Also, if the default settings are all secure side, are those settings
really important for average users?

> That said, I'm not sure it really needs a separate node; I'd need to
> examine all the security-related settings in context to see.

In that case, having a file like /usr/share/examples/sysctl/security,
which lists all security related nodes, may be enough.
Because you can see all settings by:
	sysctl `cat /usr/share/examples/sysctl/security`
--
soda