Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: SODA Noriyuki <soda@sra.co.jp>
From: Curt Sampson <cjs@cynic.net>
List: tech-kern
Date: 02/03/2006 17:45:06
On Fri, 3 Feb 2006, SODA Noriyuki wrote:

>>>>>> On Fri, 3 Feb 2006 17:27:59 +0900 (JST),
>      Curt Sampson <cjs@cynic.net> said:
>
>> But security is special, because it's so important.
>
> You mean we should move existing nodes to the security tree?
> I don't like anything which introduces incompatibility...

Possibly. I'm not sure.

I don't like incompatabilities, either, but if a design is bad, I think
it's better to bear the pain and fix it, if we're sure the fix is the
proper one, and is much better. (I don't know that this is.)

> In that case, having a file like /usr/share/examples/sysctl/security,
> which lists all security related nodes, may be enough.
> Because you can see all settings by:
> 	sysctl `cat /usr/share/examples/sysctl/security`

Hm. Now that's a good idea.

cjs
-- 
Curt Sampson            <cjs@cynic.net>             +81 90 7737 2974
   The power of accurate observation is commonly called cynicism
   by those who have not got it.    --George Bernard Shaw