Date: Mon, 13 Oct 1997 17:00:01 -0700 (PDT) From: "Daniel O'Callaghan" <danny@panda.hilink.com.au> To: freebsd-bugs Subject: Re: kern/4755: coredump refusal of setuid programs too restrictive Message-ID: <199710140000.RAA04192@hub.freebsd.org>
index | next in thread | raw e-mail
The following reply was made to PR kern/4755; it has been noted by GNATS.
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Paul Traina <pst@shockwave.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, security-officer@FreeBSD.ORG,
bde@FreeBSD.ORG, phk@FreeBSD.ORG
Subject: Re: kern/4755: coredump refusal of setuid programs too restrictive
Date: Tue, 14 Oct 1997 09:53:25 +1000 (EST)
On Mon, 13 Oct 1997, Paul Traina wrote:
> >Description:
>
> Currently, if a program is setuid, we don't take a core, period.
> This makes it very difficult to debug certain types of problems.
...
> The code should be changed to check the uid (maybe saved uid?) of
> the current invoker and remove the restriction if that uid is 0.
We need to be careful with this. /usr/sbin/pppd is setuid root, and can
be started by root from getty in an "autoppp" situation. This does not
mean that dumping core is necessarily safe, as in an autoppp situation
pppd has used getpwnam().
Danny
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710140000.RAA04192>