Hi,

> Maybe the info about /proc/sys/fs/suid_dumpable should be added to
> doc/bugs...

To quote the man page:

/proc/sys/fs/suid_dumpable (since Linux 2.6.13)
    The value in this file determines whether core dump files are produced for set-user-ID or otherwise protected/tainted binaries. Three different integer values can be specified:

    0 (default)
        This provides the traditional (pre-Linux 2.6.13) behavior. A core dump will not be produced for a process which has changed credentials (by calling seteuid(2), setgid(2), or similar, or by executing a set-user-ID or set-group-ID program) or whose binary does not have read permission enabled.

    1 ("debug")
        All processes dump core when possible. The core dump is owned by the file system user ID of the dumping process and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked.

    2 ("suidsafe")
        Any binary which normally would not be dumped (see "0" above) is dumped readable by root only. This allows the user to remove the core dump file but not to read it. For security reasons core dumps in this mode will not overwrite one another or other files. This mode is appropriate when administrators are attempting to debug problems in a normal environment.

I don't think this got enough coverage in most information outlets... in fact 2.6.13 has been around for a while, but today was the first time I learnt of that behaviour.

Maybe the FreeRADIUS code could be updated to detect this value... and if it's set to 0 then it could mention it in the debug output? ;-)

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
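
Added example, not part of the original message and not FreeRADIUS code: one way a daemon could read /proc/sys/fs/suid_dumpable at startup and report the consequence in its debug output, following the three modes in the man page text quoted above. The function names, the `SD_*` constants and the message wording are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Modes as described in the man page text quoted above. */
enum { SD_INVALID = -1, SD_DEFAULT = 0, SD_DEBUG = 1, SD_SUIDSAFE = 2 };

/* Parse the file content ("0\n", "1\n" or "2\n"); anything else is invalid. */
int parse_suid_dumpable(const char *text)
{
    char *end;
    long v = strtol(text, &end, 10);
    if (end == text) return SD_INVALID;            /* no digits at all */
    while (*end == ' ' || *end == '\t' || *end == '\n') end++;
    if (*end != '\0' || v < 0 || v > 2) return SD_INVALID;
    return (int)v;
}

/* Read the live value; SD_INVALID if the file is missing or unreadable. */
int read_suid_dumpable(const char *path)
{
    char buf[16] = "";
    FILE *fp = fopen(path, "r");
    if (!fp) return SD_INVALID;
    if (!fgets(buf, sizeof buf, fp)) buf[0] = '\0';
    fclose(fp);
    return parse_suid_dumpable(buf);
}

/* Debug-output line for a protected process (changed credentials or
 * unreadable binary), or NULL when the setting does not affect it. */
const char *suid_dumpable_note(int mode, int protected_process)
{
    if (mode == SD_INVALID) return "suid_dumpable unreadable; core dump behaviour unknown";
    if (!protected_process) return NULL;
    switch (mode) {
    case SD_DEFAULT: return "suid_dumpable=0: no core dump will be produced for this process";
    case SD_DEBUG:   return "suid_dumpable=1: core dumps written with no security applied (debugging only)";
    default:         return "suid_dumpable=2: core dumps written readable by root only";
    }
}

int main(void)
{
    /* Assumption: this process changed credentials after start-up. */
    int mode = read_suid_dumpable("/proc/sys/fs/suid_dumpable");
    const char *note = suid_dumpable_note(mode, 1);
    if (note) printf("debug: %s\n", note);
    return 0;
}
```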