Date:      Tue, 18 Feb 1997 20:08:14 -0800
From:      Jason Fesler <jfesler@calweb.com>
To:        security@freebsd.org
Subject:   Coredumps and setuids .. interesting.. 
Message-ID:  <3.0.1.32.19970218200814.006e5118@pop.calweb.com>

I found this to be rather interesting..  I didn't realize
that Linux and Solaris refused to core dump setuid programs.
This could be a rather good thing should it find its way
into *bsd..

>Date: 	Tue, 18 Feb 1997 19:59:37 -0500
>Reply-To: Simon Karpen <slk@LINUX1.ACM.RPI.EDU>
>From: Simon Karpen <slk@LINUX1.ACM.RPI.EDU>
>Subject:      Re: FreeBSD,rlogin and coredumps.
>To: BUGTRAQ@NETSPACE.ORG
>
>The problem is not in screen; it's in the operating system.
>Linux is truly not vulnerable as it does not allow
>coredumps of setuid root programs.
>
>The BSDs (at least FreeBSD) appear to still do this for some
>inane reason. Even SunOS 4.x doesn't coredump setuid progs, and
>I wouldn't exactly call it secure.
>
>On Tue, 18 Feb 1997, Nathan Torkington wrote:
>> It's possible to send a signal 11 to the latest version of screen
>> (3.7.2) and make it coredump with the master.passwd file in memory.
>> I'm using FreeBSD 2.1.5-RELEASE.
>
>Simon Karpen
>karpes@rpi.edu, slk@acm.rpi.edu, slk@karpes.stu.rpi.edu
>"Down, not Across"
>
>
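
Added example, not part of the original messages and not code from FreeBSD or screen: on a system that does write core files for setuid programs, a privileged program can zero its own core-size limit before it reads sensitive data. The function names and the sample master.passwd-style line are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Zero both core-size limits so no core file is written for this process.
 * An unprivileged process cannot raise the hard limit again. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* 1 if both limits are zero, 0 if not, -1 if the limit cannot be read. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Stand-in for real work on the secret: count colon-separated fields. */
int count_fields(const char *line)
{
    int n = 1;
    for (; *line; line++)
        n += (*line == ':');
    return n;
}

/* Fail closed: the secret is loaded only once core dumps are confirmed off. */
int with_secret(int (*use)(const char *))
{
    char secret[64];
    volatile char *p = secret;
    int rc;
    if (disable_core_dumps() != 0 || core_dumps_disabled() != 1)
        return -1;
    /* Constructed sample in master.passwd layout, not a real entry. */
    snprintf(secret, sizeof secret, "%s", "root:$constructed$hash:0:0::0:0:root:/root:/bin/sh");
    rc = use(secret);
    for (size_t i = 0; i < sizeof secret; i++)
        p[i] = 0;               /* wipe; volatile keeps the stores */
    return rc;
}

int main(void)
{
    printf("fields seen: %d\n", with_secret(count_fields));
    return 0;
}
```

The limit is inherited by child processes, so it also covers anything the program later executes.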


