From owner-freebsd-bugs  Mon Oct 13 10:10:09 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id KAA07616
          for bugs-outgoing; Mon, 13 Oct 1997 10:10:09 -0700 (PDT)
          (envelope-from owner-freebsd-bugs)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id KAA07599;
          Mon, 13 Oct 1997 10:10:03 -0700 (PDT)
          (envelope-from gnats)
Resent-Date: Mon, 13 Oct 1997 10:10:03 -0700 (PDT)
Resent-Message-Id: <199710131710.KAA07599@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, pst@Shockwave.COM
Received: from precipice.shockwave.com (precipice.shockwave.com [207.105.15.229])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id KAA07463;
          Mon, 13 Oct 1997 10:08:39 -0700 (PDT)
          (envelope-from pst@Shockwave.COM)
Received: (from pst@localhost) by precipice.shockwave.com (8.8.7/8.7.3) id KAA08172; Mon, 13 Oct 1997 10:08:18 -0700 (PDT)
Message-Id: <199710131708.KAA08172@precipice.shockwave.com>
Date: Mon, 13 Oct 1997 10:08:18 -0700 (PDT)
From: Paul Traina <pst@Shockwave.COM>
Reply-To: pst@Shockwave.COM
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: security-officer@FreeBSD.ORG, bde@FreeBSD.ORG, phk@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: kern/4755: coredump refusal of setuid programs too restrictive
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         4755
>Category:       kern
>Synopsis:       we should allow coredumps of setuid code if uid==0
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 13 10:10:01 PDT 1997
>Last-Modified:
>Originator:     Paul Traina
>Organization:
Juniper Networks
>Release:        FreeBSD 3.0-CURRENT i386
>Environment:

This is relevant in 2.2.x and 3.0.

>Description:

Currently, if a program is setuid, we don't take a core, period.
This makes it very difficult to debug certain types of problems.

>How-To-Repeat:

Dump core in a setuid program invoked by root.

>Fix:
	
The code should be changed to check the uid (maybe saved uid?) of
the current invoker and remove the restriction if that uid is 0.
>Audit-Trail:
>Unformatted: