2002-04-21 08:24:31

by Willy Tarreau

Subject: Re: [PATCH] Allow setuid/setgid core files

Hello Neil,

I think I will try your patch since I have also had the same need
several times. In fact, not dumping a setuid core seems logical
for shared systems with lots of users, but on secured servers
which only host one daemon or two, and on which there's not any
user account, it's a bit annoying. In this case, if anyone gets
in the system, he's root anyway, so the initial protection
doesn't apply.

BTW, what uid/gid will the core get? I think that it should get
the highest level so that if someone breaks in through a service
which uses this feature and which has dropped its uid/gid, at
least he cannot read eventual cores from previous attempts.
Comments?

Willy


2002-04-21 14:10:27

by Neil A. Wilson

Subject: Re: [PATCH] Allow setuid/setgid core files

On Sun, 2002-04-21 at 03:24, Willy Tarreau wrote:
> BTW, what uid/gid will the core get? I think that it should get
> the highest level so that if someone breaks in through a service
> which uses this feature and which has dropped its uid/gid, at
> least he cannot read eventual cores from previous attempts.
> Comments?
>

Thanks for the feedback. You bring up a good point here. Currently the
dump is owned by the effective uid. I'll look into writing it as root.

Neil