From owner-freebsd-security  Thu Aug 26 17: 6:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: from phoenix.aye.net (phoenix.aye.net [206.185.8.134])
	by hub.freebsd.org (Postfix) with SMTP id F3E7215DE4
	for <freebsd-security@FreeBSD.ORG>; Thu, 26 Aug 1999 17:05:39 -0700 (PDT)
	(envelope-from barrett@phoenix.aye.net)
Received: (qmail 24232 invoked by uid 1000); 26 Aug 1999 23:57:28 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 26 Aug 1999 23:57:28 -0000
Date: Thu, 26 Aug 1999 19:57:28 -0400 (EDT)
From: Barrett Richardson <barrett@phoenix.aye.net>
To: Warner Losh <imp@village.org>
Cc: dg@root.com, dima@best.net, Gregory Sutter <gsutter@pobox.com>,
	security-officer@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local
 root explot] 
In-Reply-To: <199908262348.RAA69353@harmony.village.org>
Message-ID: <Pine.BSF.4.01.9908261944530.19521-100000@phoenix.aye.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Thu, 26 Aug 1999, Warner Losh wrote:

> In message <Pine.BSF.4.01.9908261915120.13229-100000@phoenix.aye.net> Barrett Richardson writes:
> : On Digital Unix where core dumps are a big problem with setuid
> : binaries and the symlink issue, core dumps are disabled on
> : binaries that do not have a read bit set. This offers an "on
> : the fly" workaround.
> 
> Setuid binaries already don't dump core.
> 
> Warner
> 

What I didn't mention was the that a 'chmod -r xxxx' disables core
dumps on binaries whether setuid or not on Digital Unix (which will
happily dump core for a setuid binary -- I know, its silly).

-

Barrett



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message