Date:      Fri, 18 Oct 1996 14:48:16 -0400
From:      Chris G Demetriou <Chris_G_Demetriou@ux2.sp.cs.cmu.edu>
To:        Karl Denninger <karl@mcs.net>
Cc:        dg@root.com, gritton@byu.edu, freebsd-hackers@freebsd.org, tech-userlevel@netbsd.org
Subject:   Re: cvs commit: src/lib/libc/db/hash hash_buf.c 
Message-ID:  <28242.845664496@ux2.sp.cs.cmu.edu>
In-Reply-To: Your message of "Fri, 18 Oct 1996 11:56:57 CDT." <199610181656.LAA26366@Jupiter.Mcs.Net> 

> If you're arguing for no core dumps of anything which could contain
> sensitive data, then the bottom line is that you have to decline any of the
> following:
> 
> 1)	ptrace() on any process which was STARTED Suid (not "currently is"
> 	SUID).  This precludes debugging on a process in this state.
> 
> 2)	Any process which starts with the SUID or SGID bit on must
> 	internally decline to dump core (regardless of ulimit settings) at
> 	all times -- both while SUID and *IF SUID IS REVOKED BY THE JOB*.

Not quite...

(1) should be "ptrace() by non-root"...

and you forgot:

(3) access via procfs by non-root to any process which was started
suid.



cgd


