Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: Karl Denninger <karl@Mcs.Net>
From: Justin T. Gibbs <gibbs@freefall.freebsd.org>
List: tech-userlevel
Date: 10/17/1996 22:33:46
>Forcing ANYTHING that touches authentication to refuse to dump core is not
>the answer.  Yet that is the only answer that you leave available.
>
>Worse, that doesn't even BEGIN to address the problems that come about if
>you can ptrace() the process -- which, for something like this, is a REAL
>problem.
>
>You MUST be able to *know* that all privileged data has been nuked BEFORE
>you relinquish privileged operation.  This isn't an option folks -- it's a
>REQUIREMENT for security reasons.
>
>Figure it out.  ftpd is not the only affected program here; just the most
>commonly known and exploited.

Did you miss a portion of this thread?  I think that Jason already
addressed all of these issues.

The program can core dump, the core dump will simply only be readable
by root.

There are already protections enforced to disallow non-privileged users
from ptracing programs that are setuid/setgid.

>--
>Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
>http://www.mcs.net/~karl     | T1 from $600 monthly; speeds to DS-3 available
>			     | 23 Chicagoland Prefixes, 13 ISDN, much more
>Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
>Fax:   [+1 312 248-9865]     | Home of Chicago's only FULL Clarinet feed!

--
Justin T. Gibbs
===========================================
  FreeBSD: Turning PCs into workstations
===========================================
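
The ordering requirement raised in the quoted text (privileged data wiped, and confirmed wiped, before privilege is relinquished), sketched as an added example; it is not code from this message or from the FreeBSD tree. The function names, the constructed sample buffer and the uid/gid value 65534 are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Wipe through a volatile pointer so the compiler cannot discard the
 * stores as dead code, which it may do with a plain memset(). */
static void scrub(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Count bytes that are still nonzero; 0 means the buffer is clean. */
static size_t residue(const void *p, size_t n)
{
    const volatile unsigned char *v = p;
    size_t left = 0;
    while (n--)
        left += (*v++ != 0);
    return left;
}

/* Scrub the privileged buffer, confirm it, and only then give up
 * privilege. Returns 0 on success, -1 if data is left over or the
 * drop did not stick. */
static int scrub_then_drop(void *secret, size_t n, uid_t uid, gid_t gid)
{
    scrub(secret, n);
    if (residue(secret, n) != 0)
        return -1;
    if (geteuid() == 0) {              /* only root has anything to drop */
        if (setgid(gid) != 0 || setuid(uid) != 0)   /* group first */
            return -1;
        if (setuid(0) == 0)            /* regaining root must fail */
            return -1;
    }
    return 0;
}

int main(void)
{
    char pw_hash[64];                  /* constructed sample, not a real hash */
    strcpy(pw_hash, "$1$constructed$sample-hash-value");
    /* ... authenticate against pw_hash here ... */
    return scrub_then_drop(pw_hash, sizeof pw_hash, 65534, 65534) ? 1 : 0;
}
```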