> On 23/02/2010 21:09, Theo de Raadt whispered from the shadows...:
> >> On 23/02/2010 18:28, Theo de Raadt whispered from the shadows...:
> >>>> 3. The program does not use file system setuid bits, BUT does use the
> >>>>> setuid() et al. system calls to drop privileges from root to some other
> >>
> >>> In OpenBSD -- if you change uids, you don't get core dumps.
> >>
> >> Which I find a very strange choice,
> >
> > I guess it's good that we get to make the choices. In all the other
> > projects, such choices would not even be thought of.
>
> It is a choice that is hard on application developers when it comes to
> debugging problems. Linux has per process PR_SET_DUMPABLE flag; FreeBSD
> has (last I looked) a kern.sugid_coredump similar to OpenBSD
> kern.nosuidcoredump.

It is a choice that is hard on people trying to find password or keying information inside priv-sep daemons.