tech-userlevel: Re: cvs commit: src/lib/libc/db/hash hash

Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: Karl Denninger <karl@Mcs.Net>
From: David Greenman <dg@root.com>
List: tech-userlevel
Date: 10/18/1996 10:11:22

>If you're arguing for no core dumps of anything which could contain
>sensitive data, then the bottom line is that you have to decline any of the
>following:
>
>1)	ptrace() on any process which was STARTED Suid (not "currently is"
>	SUID).  This precludes debugging on a process in this state.
>
>2)	Any process which starts with the SUID or SGID bit on must
>	internally decline to dump core (regardless of ulimit settings) at
>	all times -- both while SUID and *IF SUID IS REVOKED BY THE JOB*.

   Yup. ...but perhaps the way this should work is by setting the process
coredump rlimit to 0 in these cases so that the program can explicitly turn
coredumps back on when debugging.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project