Re: core files

Kenneth Albanowski (kjahds@kjahds.com)
Mon, 4 Jan 1999 17:24:07 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: H. Peter Anvin: "Re: 2.2.0pre1 OOPS on boot."
Previous message: Stuart Lynne: "Re: znote support oopses non-notebook computer on boot"
In reply to: Nick Holloway: "Re: New patch-kernel, please test"

On Mon, 4 Jan 1999, Albert D. Cahalan wrote:

> Kenneth Albanowski writes:
> > On Sun, 3 Jan 1999, Albert D. Cahalan wrote:
> >>
> >> World accessible with multiple connections is totally correct.
> >> Only an exact authority match is acceptable. If you run a setuid
> >> app and want to catch crashes, you need a setuid daemon to do it.
> >
> > I'm not sure that degree of precision is needed. A deamon with the uid/gid
> > that the app was set to (as opposed to what it is running as) should be
> > sufficient. A setuid daemon would then work too, of course.
>
> Bear in mind that people are trying to lock down Linux with serious
> security, such as mandatory access control. The Coda filesystem
> developers seem to want each login to be isolated from every other.
>
> Perfect matches are very reliable. Anything less is likely to
> allow mistakes.

And imperfect matches usually involve kludges to avoid touching suid
programs and such... Yes, perfect matches make sense here. But do please
remember that /dev/crash's security is irrelevant if you can still attach
to a process with ptrace().

> I highly doubt that root will want to steal core dumps.
> For embedded systems, non-root simply won't run a crash handler.
> In any case, "chmod 600 /dev/crash" if you want to steal cores.
>
> It is more likely that root will be too lazy to run the daemon.
> I'd hate to rely on certain admins I know.

Agreed to all.

> That logic does not belong anywhere. It is overly complex.

Or rather, let the user do it if they insist, but don't even think about
it in the kernel. Yes, I agree, that was more complex then we need.

> This is simple:
>
> 1. Look for an exact security match.
> 2. If none, look for root.
> 3. If not found, dump core.
>
> Step 2 is really for setuid programs and servers that change UID.
> It is not intended to catch normal user processes. In fact, it
> should just dump a standard core if it catches one by accident.

Yes, this should be sufficient for the moment.

-- Kenneth Albanowski (kjahds@kjahds.com, CIS: 70705,126)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: H. Peter Anvin: "Re: 2.2.0pre1 OOPS on boot."
Previous message: Stuart Lynne: "Re: znote support oopses non-notebook computer on boot"
In reply to: Nick Holloway: "Re: New patch-kernel, please test"