From owner-freebsd-security  Wed Feb 19 22:04:22 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id WAA20238
          for security-outgoing; Wed, 19 Feb 1997 22:04:22 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id WAA20225
          for <security@freebsd.org>; Wed, 19 Feb 1997 22:04:17 -0800 (PST)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 0.56 #1)
	id E0vxRbs-0006vF-00; Wed, 19 Feb 1997 23:04:00 -0700
To: Marc Slemko <marcs@znep.com>
Subject: Re: Coredumps and setuids .. interesting.. 
Cc: Andrew Kosyakov <caseq@magrathea.chance.ru>, security@freebsd.org
In-reply-to: Your message of "Wed, 19 Feb 1997 14:32:13 MST."
		<Pine.BSF.3.95.970219142715.28954J-100000@alive.znep.com> 
References: <Pine.BSF.3.95.970219142715.28954J-100000@alive.znep.com>  
Date: Wed, 19 Feb 1997 23:04:00 -0700
From: Warner Losh <imp@village.org>
Message-Id: <E0vxRbs-0006vF-00@rover.village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <Pine.BSF.3.95.970219142715.28954J-100000@alive.znep.com> Marc Slemko writes:
: OTOH, being paranoid is good except when it isn't and I don't see a huge
: thing against Warner's suggestion.  It may well be possible to find ways
: other than core dumps to get access to the memory image through bugs in
: ftpd. 

Or via the ptrace api, or via some new feature that someone adds to
procfs that lets you attach to a process' address space, or any other
number of other things which seem like a good idea at the time, but
introduce more holes.

Warner