From owner-freebsd-bugs Mon Oct 13 17:00:03 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA04203 for bugs-outgoing; Mon, 13 Oct 1997 17:00:03 -0700 (PDT) (envelope-from owner-freebsd-bugs)
Received: (from gnats@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA04192; Mon, 13 Oct 1997 17:00:01 -0700 (PDT) (envelope-from gnats)
Date: Mon, 13 Oct 1997 17:00:01 -0700 (PDT)
Message-Id: <199710140000.RAA04192@hub.freebsd.org>
To: freebsd-bugs
Cc:
From: "Daniel O'Callaghan"
Subject: Re: kern/4755: coredump refusal of setuid programs too restrictive
Reply-To: "Daniel O'Callaghan"
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR kern/4755; it has been noted by GNATS.

From: "Daniel O'Callaghan"
To: Paul Traina
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, security-officer@FreeBSD.ORG, bde@FreeBSD.ORG, phk@FreeBSD.ORG
Subject: Re: kern/4755: coredump refusal of setuid programs too restrictive
Date: Tue, 14 Oct 1997 09:53:25 +1000 (EST)

On Mon, 13 Oct 1997, Paul Traina wrote:

> >Description:
>
>   Currently, if a program is setuid, we don't take a core, period.
>   This makes it very difficult to debug certain types of problems.
...
>   The code should be changed to check the uid (maybe saved uid?) of
>   the current invoker and remove the restriction if that uid is 0.

We need to be careful with this. /usr/sbin/pppd is setuid root, and can be
started by root from getty in an "autoppp" situation. This does not mean
that dumping core is necessarily safe, as in an autoppp situation pppd has
used getpwnam().

Danny
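
A program-side safeguard for the concern raised in the message above, as an added example that is not part of the original email or of the FreeBSD or pppd source: a privileged program sets its own core limit to zero before it calls getpwnam(), so its safety does not depend on how the kernel's setuid coredump check is written. The function names are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/resource.h>

/* Set the soft and hard core limits to 0 so the kernel writes no core
 * file for this process, whatever the system-wide setuid policy is.
 * An unprivileged process cannot raise the hard limit again; a process
 * that still holds root can, so call this before handling secrets and
 * do not raise the limit afterwards. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Report the current soft core limit in bytes, or -1 on error. */
long long core_soft_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return (long long)rl.rlim_cur;
}

/* Hypothetical helper: query the password database only after core
 * dumps are off, so the buffers filled by getpwnam() cannot end up in
 * a core file. Returns 0 if the user exists, 1 if not, and -1 if core
 * dumps could not be disabled (fail closed: no lookup is made). */
int lookup_user_without_core(const char *name)
{
    if (disable_core_dumps() != 0)
        return -1;
    struct passwd *pw = getpwnam(name);
    return pw != NULL ? 0 : 1;
}

int main(void)
{
    /* "root" is only a sample account name for the demonstration. */
    int rc = lookup_user_without_core("root");
    printf("lookup rc=%d, core soft limit=%lld\n", rc, core_soft_limit());
    return rc < 0;
}
```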