From owner-freebsd-hackers Sun Oct 20 02:55:23 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA27604 for hackers-outgoing; Sun, 20 Oct 1996 02:55:23 -0700 (PDT)
Received: from zygorthian-space-raiders.MIT.EDU (ZYGORTHIAN-SPACE-RAIDERS.MIT.EDU [18.70.0.61]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA27595 for ; Sun, 20 Oct 1996 02:55:20 -0700 (PDT)
Received: (from mycroft@localhost) by zygorthian-space-raiders.MIT.EDU (8.7.4/8.6.11) id FAA02739; Sun, 20 Oct 1996 05:55:16 -0400 (EDT)
Date: Sun, 20 Oct 1996 05:55:16 -0400 (EDT)
Message-Id: <199610200955.FAA02739@zygorthian-space-raiders.MIT.EDU>
From: "Charles M. Hannum"
To: Chris G Demetriou
Cc: tech-userlevel@netbsd.org, freebsd-hackers@freefall.FreeBSD.org
Subject: Re: setuid, core dumps, ftpd, and DB
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Chris G Demetriou writes:

>
> Charles, re: "is a core dump on this weird file system safe"?
> Actually, a good solution there might be a "NOCOREDUMP" mount flag, a
> la NOSUID and NOEXEC.  That has several advantages:

That sounds reasonable, as long as one keeps in mind that it doesn't
solve all of the problems.

It might also be nice to make the core dump location configurable.  I
could imagine having, e.g., a read-protected /var/core directory, so
that the system manager could inspect core dumps later, but they'd be
protected from snoopers, and wouldn't affect quotas.  (This wouldn't
be useful in some environments, though, like Athena.)

BTW, one thing I actually liked about NewsOS was that it changed the
`nodev' and `nosuid' flags to be affirmative (`devs' and `suid')
rather than negative.  This made it harder to make a system insecure
accidentally.
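The configurable, read-protected core directory Hannum sketches above is something an administrator can build on a current FreeBSD system with the kern.corefile and kern.sugid_coredump sysctls (both real FreeBSD knobs; kern.corefile takes a pattern in which %N is the process name and %P the pid). The script below is an added example and is not part of the original message or of either BSD project's code: the directory name /var/core, the helper names and the 0700 policy are this example's own choices. It checks that the directory really is a root-owned, non-symlinked, group- and world-inaccessible directory before the kernel is pointed at it, and that the pattern cannot escape that directory; cores from set-id processes stay disabled, which is the part of the thread's problem a core directory alone does not solve.

```shell
#!/bin/sh
# Added example (not from the original thread): a root-only core-dump
# directory plus the FreeBSD sysctls that route cores into it.

CORE_DIR=/var/core   # assumed location; not mandated by either BSD

# check_core_dir DIR UID: succeed only if DIR is a real directory (not a
# symlink), owned by numeric UID, with no group/other permission bits.
# Uses `ls -ldn`, whose first field (mode string) and third field
# (numeric owner) are the same on BSD, GNU and busybox ls.
check_core_dir() {
    dir=$1 want_uid=$2
    [ -d "$dir" ] || return 1          # -d follows symlinks; ls -ld does not
    set -- $(ls -ldn "$dir") || return 1
    mode=$1 uid=$3
    case "$mode" in
        d*) ;;                         # 'l...' here means DIR is a symlink
        *)  return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || return 1
    case "$mode" in                    # chars 5-10 are the group/other bits
        d???------*) return 0 ;;       # trailing '+'/'@' (ACL/xattr) tolerated
        *)           return 1 ;;
    esac
}

# check_core_pattern PATTERN DIR: the kern.corefile value must be an
# absolute path inside DIR and must not contain "..", so it can never be
# resolved into a user-writable or quota-charged location.
check_core_pattern() {
    pat=$1 dir=$2
    case "$pat" in
        "$dir"/*) ;;
        *)        return 1 ;;
    esac
    case "$pat" in
        *..*) return 1 ;;
    esac
    return 0
}

# apply_core_policy DIR: create DIR root-only and point the kernel at it.
# Needs root on FreeBSD; anywhere else it only reports what it would do.
# For persistence, the two sysctl lines belong in /etc/sysctl.conf.
apply_core_policy() {
    dir=$1
    pattern="$dir/%N.%P.core"          # %N = process name, %P = pid
    check_core_pattern "$pattern" "$dir" || return 1
    if [ "$(uname -s)" = FreeBSD ] && [ "$(id -u)" = 0 ]; then
        mkdir -p "$dir" && chown root:wheel "$dir" && chmod 0700 "$dir" || return 1
        check_core_dir "$dir" 0 || return 1
        sysctl kern.corefile="$pattern"    # cores go into the protected dir
        sysctl kern.sugid_coredump=0       # set-id processes still dump nothing
    else
        echo "would set kern.corefile=$pattern and chmod 0700 $dir (not FreeBSD root)"
    fi
}

# Run as `sh thisfile.sh apply` (as root on FreeBSD) to actually apply it.
case "${1-}" in apply) apply_core_policy "$CORE_DIR" ;; esac
```

The directory check is deliberately strict: a symlink named /var/core, or a group-readable bit left over from a careless mkdir, would hand every core (and whatever secrets the crashed process held in memory) to exactly the snoopers the directory was meant to shut out. Disabling set-id core dumps is kept separate because a protected directory does nothing about a set-id program that dumps core somewhere else, which was the original subject of the thread.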