From owner-freebsd-security Tue Feb 18 21:44:54 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA04317 for security-outgoing; Tue, 18 Feb 1997 21:44:54 -0800 (PST) Received: from root.com (implode.root.com [198.145.90.17]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA04311 for ; Tue, 18 Feb 1997 21:44:50 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by root.com (8.8.5/8.6.5) with SMTP id VAA10377; Tue, 18 Feb 1997 21:45:56 -0800 (PST) Message-Id: <199702190545.VAA10377@root.com> X-Authentication-Warning: implode.root.com: localhost [127.0.0.1] didn't use HELO protocol To: Jason Fesler cc: security@freebsd.org Subject: Re: Coredumps and setuids .. interesting.. In-reply-to: Your message of "Tue, 18 Feb 1997 20:08:14 PST." <3.0.1.32.19970218200814.006e5118@pop.calweb.com> From: David Greenman Reply-To: dg@root.com Date: Tue, 18 Feb 1997 21:45:56 -0800 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >I found this to be rather interesting.. I didn't realize >that linux and solaris refused to core dump setuid programs. >This could be a rather good thing should it find it's way >into *bsd.. Hmmm. Either my replies aren't getting through to bugtraq, or people are just ignoring them. As of FreeBSD 2.1.6 and newer versions, we don't core dump for setuid processes. It's been this way for nearly a year in -current, but the change didn't get merged into the 2.1.x branch until after the 2.1.5 release...that was an oversight. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project