Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: None <tech-security@NetBSD.org, tech-kern@NetBSD.org>
From: Curt Sampson <cjs@cynic.net>
List: tech-kern
Date: 01/25/2006 09:34:01
On Tue, 24 Jan 2006, Bernd Ernesti wrote:

> Changing these settings should depend on kern.securelevel.

If you mean that one should not be able to change them above a certain
securelevel, I'm not so sure. After all, it's production machines
that are most likely to be running at a higher securelevel, and it's
production machines that are most likely to need this facility, since
if you could reproduce the bug on a development machine with a non-suid
version of the binary, you would hardly be likely to be trying to debug
on a production machine.

What advantages do you see to making it depend on kern.securelevel? What
threat model do you have here?

cjs
-- 
Curt Sampson            <cjs@cynic.net>             +81 90 7737 2974
   The power of accurate observation is commonly called cynicism
   by those who have not got it.    --George Bernard Shaw