Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Elad Efrat <elad@NetBSD.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 01/25/2006 14:38:34
On Wed, Jan 25, 2006 at 08:30:40PM +0200, Elad Efrat wrote:
> Thor Lancelot Simon wrote:
>
> > Not from my point of view. From my point of view, we're adding the ability
> > for an attacker to harvest sensitive information in a way in which he could
> > not harvest it before -- and we're making it possible to turn that on
> > without access to the machine's console.
>
> how do you want the securelevel to affect the knob? default disable and
> can only be modified in securelevel > 0?
Default disable, can only be modified at securelevel < 1. That gives us
the same basic situation we have now, with the convenience of not having
to modify the kernel sources to get cores from setuid programs.
Thor