Re: BIND less restrictive modes and policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 22, 2008 at 01:22:20PM -0500, Steve Grubb wrote:
> On Tuesday 22 January 2008 11:04:11 Adam Tkac wrote:
> > I don't think so. As I wrote in
> > https://bugzilla.redhat.com/show_bug.cgi?id=400461#c21 named is able
> > to produce core file after setuid when /var/named directory is
> > writable by named user. This is main reason why I want this directory
> > writable. It means that you will have always core file when named
> > gets sigsegv (no additional setup is needed, only writable
> > /var/named).
> 
> To me, that is not enough reason. You have to do some work to allow coredumps 
> at all. So, the admin may as well use /proc/sys/kernel/core_name_format  to 
> tell the kernel where to put the file.

Ah.  I wasn't aware that you could change the coredump path with this 
mechanism.  It sounds like that is worth investigating, but won't you 
run into the same problems with permissions on whatever directory you 
choose?  How can you choose one system-wide directory for coredumps if 
each process runs as a different user?

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux