Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Elad Efrat <elad@NetBSD.org>
From: Rui Paulo <rpaulo@fnop.net>
List: tech-security
Date: 01/13/2006 13:47:26
--g7w8+K/95kPelPD2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2006.01.13 15:31:02 +0200, Elad Efrat wrote:
| Index: sys/kern/kern_sig.c
| =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
| RCS file: /cvsroot/src/sys/kern/kern_sig.c,v
| retrieving revision 1.213
| diff -u -p -r1.213 kern_sig.c
| --- sys/kern/kern_sig.c	24 Dec 2005 19:12:23 -0000	1.213
| +++ sys/kern/kern_sig.c	13 Jan 2006 13:21:40 -0000
| @@ -70,6 +70,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v
|  #include <sys/sa.h>
|  #include <sys/savar.h>
|  #include <sys/exec.h>
| +#include <sys/sysctl.h>
| =20
|  #include <sys/mount.h>
|  #include <sys/syscallargs.h>
| @@ -2103,7 +2104,7 @@ coredump(struct lwp *l, const char *patt
|  	/*
|  	 * Make sure the process has not set-id, to prevent data leaks.

Maybe change this comment too ? :)

		-- Rui Paulo

--g7w8+K/95kPelPD2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)

iD8DBQFDx69uZPqyxs9FH4QRAt1nAKCKY7tqLgJyLHCNbZvJKcBIC6QJuQCfe+zC
Dqa0NLbNir1soS71c0BTBnE=
=YLGU
-----END PGP SIGNATURE-----

--g7w8+K/95kPelPD2--