On 23/02/2010 21:09, Theo de Raadt whispered from the shadows...:
>> On 23/02/2010 18:28, Theo de Raadt whispered from the shadows...:
>>>> 3. The program does not use file system setuid bits, BUT does use the
>>>>> setuid() et al. system calls to drop privileges from root to some other
>>
>>> In OpenBSD -- if you change uids, you don't get core dumps.
>>
>> Which I find a very strange choice,
>
> I guess it's good that we get to make the choices. In all the other
> projects, such choices would not even be thought of.

It is a choice that is hard on application developers when it comes to
debugging problems. Linux has a per-process PR_SET_DUMPABLE flag; FreeBSD
has (last I looked) a kern.sugid_coredump similar to OpenBSD's
kern.nosuidcoredump.

I just find it odd from a practical viewpoint that kern.nosuidcoredump no
longer applies, though I understand from a security viewpoint that one
would want to avoid slip-ups by the developer between setuid and seteuid
or in forgetting to restore the setting to a secure mode after debugging.

-- 
Anthony C Howe      Skype: SirWumpus      SnertSoft
+33 6 11 89 73 78   Twitter: SirWumpus    BarricadeMX & Milters
http://snert.com/   http://nanozen.info/  http://snertsoft.com/
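
Added example, not part of the original message or of any project named in it: a Linux-only sketch of the per-process PR_SET_DUMPABLE flag mentioned above, set explicitly after a privilege drop so the result does not depend on the system-wide default. The helper names `apply_core_policy` and `drop_privileges` and the uid/gid 65534 are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Set the per-process core dump policy explicitly (hypothetical helper).
 * debug_cores != 0: allow core dumps; otherwise forbid them.
 * Returns the resulting PR_GET_DUMPABLE value (0 or 1), or -1 on error. */
int apply_core_policy(int debug_cores)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    /* Only the soft limit is changed, so a later debug run can raise it. */
    rl.rlim_cur = debug_cores ? rl.rlim_max : 0;
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    if (prctl(PR_SET_DUMPABLE, debug_cores ? 1 : 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Drop from root to uid/gid for good, then apply the core policy.
 * The order matters: Linux resets the dumpable flag to fs.suid_dumpable
 * when the effective uid changes, so setting it before setuid() is lost. */
int drop_privileges(uid_t uid, gid_t gid, int debug_cores)
{
    if (geteuid() == 0) {
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            return -1;
        if (setuid(0) == 0)     /* the drop must not be reversible */
            return -1;
    }
    return apply_core_policy(debug_cores);
}

int main(int argc, char **argv)
{
    /* Constructed demo: uid/gid 65534 is an assumed unprivileged account;
     * any argument enables core dumps for a debugging session. */
    int state = drop_privileges(65534, 65534, argc > 1);
    printf("dumpable after privilege drop: %d\n", state);
    return state < 0;
}
```

Keeping the debug switch off by default means a forgotten debugging setting leaves the process non-dumpable rather than dumpable.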