Re: coredumps on setuid programs.

Andrew Beckett (a.beckett@fml.co.uk)
Mon, 25 Jul 94 09:11:29 BST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Christopher Klaus: "Bad Advise"
Previous message: Christopher Davis: "Re: Is starting a user program on priv port via inetd dangerous ?"
In reply to: George Boyce: "Re: coredumps on setuid programs."

In article AA12832@csteam.com, George Boyce <george@csteam.com> () writes:
> > >From the man page:
> 
> Isn't quoting documentation on a bug mailing list like, um, trusting
> that there aren't bugs in the first place? I mean the vendors ship
> systems which allow worldwide root access. How do you know some hacker
> didn't *write* the man page you are reading...
> 

You may have noticed that Dylan also said:

> I tried something quick this morning under Solaris 2.3, and it does
> not produce core files from setuid programs.

Like me, he tried it _as_well_as_ checking the man page. Of course, I'd wouldn't
even believe a manual page even if it was genuine; it's not entirely unheard of
for sun to break a security feature (never, I hear you say!).


*******************************************************************
* Andrew Beckett                *                                 *
* Senior Design Engineer        *                                 *
* Fujitsu Microelectronics Ltd  *                                 *
* Highway House                 * phone    : (0628) 71116         *
* Norreys Drive                 * fax      : (0628) 773990        *
* Maidenhead. Berks SL6 4BW     * email    : a.beckett@fml.co.uk  *
*******************************************************************

Next message: Christopher Klaus: "Bad Advise"
Previous message: Christopher Davis: "Re: Is starting a user program on priv port via inetd dangerous ?"
In reply to: George Boyce: "Re: coredumps on setuid programs."