From pst@Shockwave.COM  Mon Oct 13 10:08:40 1997
Received: from precipice.shockwave.com (precipice.shockwave.com [207.105.15.229])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id KAA07463;
          Mon, 13 Oct 1997 10:08:39 -0700 (PDT)
          (envelope-from pst@Shockwave.COM)
Received: (from pst@localhost) by precipice.shockwave.com (8.8.7/8.7.3) id KAA08172; Mon, 13 Oct 1997 10:08:18 -0700 (PDT)
Message-Id: <199710131708.KAA08172@precipice.shockwave.com>
Date: Mon, 13 Oct 1997 10:08:18 -0700 (PDT)
From: Paul Traina <pst@Shockwave.COM>
Reply-To: pst@Shockwave.COM
To: FreeBSD-gnats-submit@freebsd.org
Cc: security-officer@freebsd.org, bde@freebsd.org, phk@freebsd.org
Subject: coredump refusal of setuid programs too restrictive
X-Send-Pr-Version: 3.2

>Number:         4755
>Category:       kern
>Synopsis:       we should allow coredumps of setuid code if uid==0
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 13 10:10:01 PDT 1997
>Closed-Date:    Sun Oct 26 21:50:03 MET 1997
>Last-Modified:  Sun Oct 26 21:51:12 MET 1997
>Originator:     Paul Traina
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
Juniper Networks
>Environment:

This is relevant in 2.2.x and 3.0.

>Description:

Currently, if a program is setuid, we don't take a core, period.
This makes it very difficult to debug certain types of problems.

>How-To-Repeat:

Dump core in a setuid program invoked by root.

>Fix:
	
The code should be changed to check the uid (maybe saved uid?) of
the current invoker and remove the restriction if that uid is 0.
>Release-Note:
>Audit-Trail:

From: Nate Williams <nate@mt.sri.com>
To: pst@shockwave.com
Cc: FreeBSD-gnats-submit@freebsd.org, security-officer@freebsd.org,
        bde@freebsd.org, phk@freebsd.org
Subject: Re: kern/4755: coredump refusal of setuid programs too restrictive
Date: Mon, 13 Oct 1997 13:09:41 -0600 (MDT)

 Paul Traina writes:
 > 
 > >Number:         4755
 > >Category:       kern
 > >Synopsis:       we should allow coredumps of setuid code if uid==0
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       high
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Mon Oct 13 10:10:01 PDT 1997
 > >Last-Modified:
 > >Originator:     Paul Traina
 > >Organization:
 > Juniper Networks
 > >Release:        FreeBSD 3.0-CURRENT i386
 > >Environment:
 > 
 > This is relevant in 2.2.x and 3.0.
 > 
 > >Description:
 > 
 > Currently, if a program is setuid, we don't take a core, period.
 > This makes it very difficult to debug certain types of problems.
 > 
 > >How-To-Repeat:
 > 
 > Dump core in a setuid program invoked by root.
 > 
 > >Fix:
 > 	
 > The code should be changed to check the uid (maybe saved uid?) of
 > the current invoker and remove the restriction if that uid is 0.
 
 I think the only safe fix is to use a sysctl that enables it.  There
 are too many things that would still 'unsafely' dump core with any kind
 of check you can come up with.  By allowing it to be disabled easily by
 a root user, you allow a developer/user to allow core dumps, with the
 knowledge that the system is no longer secure.
 
 
 Nate

From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Paul Traina <pst@shockwave.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, security-officer@FreeBSD.ORG,
        bde@FreeBSD.ORG, phk@FreeBSD.ORG
Subject: Re: kern/4755: coredump refusal of setuid programs too restrictive
Date: Tue, 14 Oct 1997 09:53:25 +1000 (EST)

 On Mon, 13 Oct 1997, Paul Traina wrote:
 
 > >Description:
 > 
 > Currently, if a program is setuid, we don't take a core, period.
 > This makes it very difficult to debug certain types of problems.
 ... 	
 > The code should be changed to check the uid (maybe saved uid?) of
 > the current invoker and remove the restriction if that uid is 0.
 
 We need to be careful with this.  /usr/sbin/pppd is setuid root, and can 
 be started by root from getty in an "autoppp" situation.  This does not 
 mean that dumping core is necessarily safe, as in an autoppp situation 
 pppd has used getpwnam().
 
 Danny
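
The concern raised above is that a privileged program started by root may still hold sensitive data, such as results from getpwnam(). The following is an added example, not part of this PR thread or of the FreeBSD sources, showing how such a program can switch off its own core dumps before it touches that data, whatever the kernel policy is. The helper name guarded_getpwnam is hypothetical.

```c
/* Added example: a privileged program opting out of core dumps itself
 * before it reads password-database entries. */
#include <pwd.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>

/* Set both the soft and the hard RLIMIT_CORE to 0. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Returns 1 if the current limits forbid writing a core file,
 * 0 if a core file could still be written, -1 if the limits cannot be read. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Hypothetical helper: only consult the password database once core
 * dumps are confirmed off; returns NULL if they cannot be disabled. */
const struct passwd *guarded_getpwnam(const char *name)
{
    if (core_dumps_disabled() != 1 && disable_core_dumps() != 0)
        return NULL;
    return getpwnam(name);
}

int main(void)
{
    /* "root" is used only as a name that normally exists. */
    const struct passwd *pw = guarded_getpwnam("root");
    printf("core dumps disabled: %d, lookup %s\n",
           core_dumps_disabled(), pw ? "succeeded" : "failed");
    return 0;
}
```

A process that still has root privileges can raise the hard limit again, so this guards against accidental dumps rather than against code already running as root.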

From: Guido van Rooij <guido@gvr.org>
To: freebsd-gnats-submit@freebsd.org, danny@panda.hilink.com.au
Cc:
Subject: Re: kern/4755: we should allow coredumps of setuid code if uid==0
Date: Sun, 26 Oct 1997 21:48:38 +0100

 I fixed this in rev 1.67 in -current and 1.47.2.9 (to come in a few
 minutes).
 
 So I'll close the pr.
 
 -Guido
 
State-Changed-From-To: open->closed 
State-Changed-By: guido 
State-Changed-When: Sun Oct 26 21:50:03 MET 1997 
State-Changed-Why:  
Solved in rev 1.67 and put in 2.2 branch today. 
>Unformatted:
