Re: BIND less restrictive modes and policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2008-01-22 at 13:27 -0500, Chuck Anderson wrote:
> On Tue, Jan 22, 2008 at 01:22:20PM -0500, Steve Grubb wrote:
> > On Tuesday 22 January 2008 11:04:11 Adam Tkac wrote:
> > > I don't think so. As I wrote in
> > > https://bugzilla.redhat.com/show_bug.cgi?id=400461#c21 named is able
> > > to produce core file after setuid when /var/named directory is
> > > writable by named user. This is main reason why I want this directory
> > > writable. It means that you will have always core file when named
> > > gets sigsegv (no additional setup is needed, only writable
> > > /var/named).
> > 
> > To me, that is not enough reason. You have to do some work to allow coredumps 
> > at all. So, the admin may as well use /proc/sys/kernel/core_name_format  to 
> > tell the kernel where to put the file.
> 
> Ah.  I wasn't aware that you could change the coredump path with this 
> mechanism.  It sounds like that is worth investigating, but won't you 
> run into the same problems with permissions on whatever directory you 
> choose?  How can you choose one system-wide directory for coredumps if 
> each process runs as a different user?

/tmp ... <g>

Simo.

-- 
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux