* Paul Wise <p...@debian.org>, 2019-03-15, 08:59:
As a data point, apport creates /var/crash as world-writable in postinst:Does apport use a core dump handler?
Yes.
If so it shouldn't need a world writable directory since the core dump handler runs as root.
Apparmor saves dumps directly in /var/crash (bad idea...), so the sticky bit is needed so that the user can delete their own core dumps.
I've filed #924692 and #924693 so far, but there's probably more. -- Jakub Wilk
