BIND less restrictive modes and policy
Chuck Anderson
cra at WPI.EDU
Tue Jan 22 18:27:18 UTC 2008

On Tue, Jan 22, 2008 at 01:22:20PM -0500, Steve Grubb wrote:
> On Tuesday 22 January 2008 11:04:11 Adam Tkac wrote:
> > I don't think so. As I wrote in
> > https://bugzilla.redhat.com/show_bug.cgi?id=400461#c21, named is able
> > to produce a core file after setuid when the /var/named directory is
> > writable by the named user. This is the main reason why I want this
> > directory writable. It means that you will always have a core file when
> > named gets SIGSEGV (no additional setup is needed, only a writable
> > /var/named).
>
> To me, that is not enough reason. You have to do some work to allow coredumps
> at all. So, the admin may as well use /proc/sys/kernel/core_name_format to
> tell the kernel where to put the file.

Ah. I wasn't aware that you could change the coredump path with this
mechanism. It sounds like that is worth investigating, but won't you
run into the same problems with permissions on whatever directory you
choose? How can you choose one system-wide directory for coredumps if
each process runs as a different user?