BIND less restrictive modes and policy

Chuck Anderson cra at WPI.EDU
Tue Jan 22 18:27:18 UTC 2008


On Tue, Jan 22, 2008 at 01:22:20PM -0500, Steve Grubb wrote:
> On Tuesday 22 January 2008 11:04:11 Adam Tkac wrote:
> > I don't think so. As I wrote in
> > https://bugzilla.redhat.com/show_bug.cgi?id=400461#c21 named is able
> > to produce a core file after setuid when the /var/named directory is
> > writable by the named user. This is the main reason why I want this
> > directory writable. It means that you will always have a core file
> > when named gets sigsegv (no additional setup is needed, only a
> > writable /var/named).
> 
> To me, that is not enough reason. You have to do some work to allow coredumps
> at all. So, the admin may as well use /proc/sys/kernel/core_name_format to
> tell the kernel where to put the file.

Ah.  I wasn't aware that you could change the coredump path with this 
mechanism.  It sounds like that is worth investigating, but won't you 
run into the same problems with permissions on whatever directory you 
choose?  How can you choose one system-wide directory for coredumps if 
each process runs as a different user?



