From owner-freebsd-security  Thu Feb 20 03:31:47 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id DAA07026
          for security-outgoing; Thu, 20 Feb 1997 03:31:47 -0800 (PST)
Received: from magrathea.chance.ru (root@magrathea.chance.ru [194.58.86.1])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id DAA07018
          for <security@freebsd.org>; Thu, 20 Feb 1997 03:31:42 -0800 (PST)
Received: (from caseq@localhost) by magrathea.chance.ru (8.6.12/8.6.12) id OAA14947; Thu, 20 Feb 1997 14:31:06 +0300
From: Andrew Kosyakov <caseq@magrathea.chance.ru>
Message-Id: <199702201131.OAA14947@magrathea.chance.ru>
Subject: Re: Coredumps and setuids .. interesting..
To: imp@village.org (Warner Losh)
Date: Thu, 20 Feb 1997 14:31:06 +0300 (MSK)
Cc: marcs@znep.com, security@freebsd.org
In-Reply-To: <E0vxRbs-0006vF-00@rover.village.org> from "Warner Losh" at Feb 19, 97 11:04:00 pm
Organization: Chance Publishing House
X-Mailer: ELM [version 2.4 PL24 ME8a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Quoting Warner Losh:
> : thing against Warner's suggestion.  It may well be possible to find ways
> : other than core dumps to get access to the memory image through bugs in
> : ftpd. 
> Or via the ptrace api, or via some new feature that someone adds to
> procfs that lets you attach to a process' address space, or any other
> number of other things which seem like a good idea at the time, but
> introduce more holes.
So, you mean that someone may want to add an ability for an unprivileged process
to attach to the address space of a privileged process? Well, certainly, there
will be such people, but I guess they'll have to break freefall again in order
to implement that :-) (sorry if you consider this joke to be rude).

And I'd like to ask again: is there an official patch for 2.1.* to disable
P_SUGID process to dump core? Many people can't afford to upgrade the whole
OS on their production machines :-(

-- 
Sincerely yours
							/&rew

***
Andrew V. Kosyakov, Chance Publishing House, System Administrator
caseq@chance.ru, 2:5030/31@Fidonet.Org, +7(812)210-8046
PGP key fingerprint: BA A8 48 20 E4 AE 9C 52  C5 5F C3 B8 1E 67 2C BF