From owner-freebsd-hackers Fri Oct 18 10:10:26 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA08412 for hackers-outgoing; Fri, 18 Oct 1996 10:10:26 -0700 (PDT) Received: from root.com (implode.root.com [198.145.90.17]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA08405 for ; Fri, 18 Oct 1996 10:10:23 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id KAA15566; Fri, 18 Oct 1996 10:11:22 -0700 (PDT) Message-Id: <199610181711.KAA15566@root.com> X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol To: Karl Denninger cc: freebsd-hackers@FreeBSD.org, tech-userlevel@NetBSD.ORG Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c In-reply-to: Your message of "Fri, 18 Oct 1996 11:56:57 CDT." <199610181656.LAA26366@Jupiter.Mcs.Net> From: David Greenman Reply-To: dg@root.com Date: Fri, 18 Oct 1996 10:11:22 -0700 Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk >If you're arguing for no core dumps of anything which could contain >sensitive data, then the bottom line is that you have to decline any of the >following: > >1) ptrace() on any process which was STARTED Suid (not "currently is" > SUID). This precludes debugging on a process in this state. > >2) Any process which starts with the SUID or SGID bit on must > internally decline to dump core (regardless of ulimit settings) at > all times -- both while SUID and *IF SUID IS REVOKED BY THE JOB*. Yup. ...but perhaps the way this should work is by setting the process coredump rlimit to 0 in these cases so that the program can explicitly turn coredumps back on when debugging. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project