From owner-freebsd-security Tue Feb 18 22:54:32 1997
Return-Path:
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id WAA07975
          for security-outgoing; Tue, 18 Feb 1997 22:54:32 -0800 (PST)
Received: from saguaro.flyingfox.com (saguaro.flyingfox.com [204.188.109.253])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id WAA07970
          for ; Tue, 18 Feb 1997 22:54:29 -0800 (PST)
Received: (from jas@localhost)
          by saguaro.flyingfox.com (8.6.12/8.6.10) id WAA16181;
          Tue, 18 Feb 1997 22:49:22 -0800
Date: Tue, 18 Feb 1997 22:49:22 -0800
From: Jim Shankland
Message-Id: <199702190649.WAA16181@saguaro.flyingfox.com>
To: dg@root.com, jfesler@calweb.com
Subject: Re: Coredumps and setuids .. interesting..
Cc: security@freebsd.org
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

David Greenman writes, re coredumping setuid processes:

> Hmmm. Either my replies aren't getting through to bugtraq, or
> people are just ignoring them. As of FreeBSD 2.1.6 and newer
> versions, we don't core dump for setuid processes. It's been
> this way for nearly a year in -current, but the change didn't
> get merged into the 2.1.x branch until after the 2.1.5
> release...that was an oversight.

Actually, an old 2.1.0-RELEASE source tree I have lying around
indicates that core is not dumped for setuid processes:

    /*
     * Dump core, into a file named "progname.core", unless the process was
     * setuid/setgid.
     */
    int
    coredump(p)
            register struct proc *p;
    {
    [...]
            if (pcred->p_svuid != pcred->p_ruid ||
                pcred->p_svgid != pcred->p_rgid)
                    return (EFAULT);

And I tried it out on an old laptop that still has 2.1.0-951104-SNAP,
and it wouldn't dump the core of a setuid process. (I don't have
a 2.1.5 system to try it out on.)

Was this, perhaps, a bug that was introduced in 2.1.5, then fixed
in 2.1.6?

Jim Shankland
Flying Fox Computer Systems, Inc.
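
The credential test in the quoted coredump() excerpt, modelled in userland as an added example; it is not part of the original message or of the FreeBSD source. The names cred_model, core_refused, current_cred and disable_core are hypothetical, and getresuid()/getresgid() are assumed to be available (they are on current FreeBSD and Linux; the 2.1-era systems discussed above are not the target here).

```c
/* Added example: userland model of the credential test in the quoted coredump(). */
#include <stdio.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <unistd.h>

/* Declared here so the example builds without feature-test macros. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Hypothetical struct; fields are named after the pcred members in the excerpt. */
struct cred_model {
    uid_t p_ruid, p_svuid;
    gid_t p_rgid, p_svgid;
};

/* Same condition as the quoted check: nonzero means the dump is refused. */
int core_refused(const struct cred_model *c)
{
    return c->p_svuid != c->p_ruid || c->p_svgid != c->p_rgid;
}

/* Snapshot the calling process's real and saved ids; 0 on success. */
int current_cred(struct cred_model *c)
{
    uid_t euid;
    gid_t egid;
    if (getresuid(&c->p_ruid, &euid, &c->p_svuid) != 0)
        return -1;
    return getresgid(&c->p_rgid, &egid, &c->p_svgid);
}

/* Hardening a privileged program can apply itself: forbid core files
 * outright, whatever the kernel's credential test would decide.
 * Returns 0 once the soft limit reads back as zero. */
int disable_core(void)
{
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0 || getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return rl.rlim_cur == 0 ? 0 : -1;
}

int main(void)
{
    struct cred_model me;
    if (current_cred(&me) != 0 || disable_core() != 0)
        return 1;
    printf("quoted check would %s a core dump here\n",
           core_refused(&me) ? "refuse" : "allow");
    return 0;
}
```
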