SUMMARY: Core after setgid()

From: Pavel HAMPL (pavel@corpus.cz)
Date: Thu Mar 11 1999 - 05:59:48 CST


Hi all,
A program is not allowed to write a core file if it has the setuid (setgid)
bit set or if it uses the functions setuid() or setgid().
This is for security reasons.
The problem is when a program changes ownership from user root to anyone and
before this reads, for example, the file /etc/shadow. Now user anyone is
allowed to make a core file (kill -10 PID), and may find users' passwords there.

Only Solaris 2.6 and 7 have this property. In Solaris 7 it is possible
to allow it by setting 'set allow_setid_core = 1' in /etc/system.

In Solaris 2.6 the alternative way is to call the external program gcore or
pstack:

  char b[100];
  /* run the external gcore tool against this process's own PID */
  snprintf(b, sizeof b, "/usr/bin/gcore %ld", (long)getpid());
  system(b);

Thanks to
Casper Dik <casper@holland.sun.com>
Renny Koshy <rkoshy@xl.com>
Olivier.GIRAUD@cedelgroup.com

--
Pavel Hampl

---------------- My original question ------------------

Hi, my program does not create a core file after executing abort() if setgid() was used before it. setgid() has to set a new group different from the current one.

I registered this phenomenon only on Solaris 2.6. Solaris 2.5 and 2.4 create a core file. Why does 2.6 not create a core file? Is it for any security reason?

Here is sample code: --------------------

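#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <signal.h>

int main()
{
  setgid(100);  /* change to a group different from the current one */
  abort();      /* should leave a core file */
  return 1;
}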
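
A defensive pattern for the case described above, as an added example that is not part of the original post: a program that reads sensitive data as root and then changes identity can set RLIMIT_CORE to zero so the kernel writes no core file, and wipe the buffer before the switch so the data is no longer in memory whatever tool takes a dump. The function names are illustrative and the secret is a constructed stand-in.

```c
/* Added example: names below are illustrative, the secret is constructed. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <unistd.h>

/* Set soft and hard core limits to 0. An unprivileged process cannot
   raise the hard limit again. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl;
    rl.rlim_cur = 0;
    rl.rlim_max = 0;
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Returns 1 when both core limits are 0, so no core file is written. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return 0;
    return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Zero a buffer through a volatile pointer so the store is not optimised out. */
void scrub(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

int main(void)
{
    char secret[64];

    if (disable_core_dumps() != 0) { perror("setrlimit"); return 1; }

    /* Constructed stand-in for data read while still privileged. */
    strcpy(secret, "constructed-secret");
    printf("read %lu bytes while privileged\n", (unsigned long)strlen(secret));
    scrub(secret, sizeof secret);          /* wipe before changing identity */

    /* Change group, then user, and check both calls. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) { perror("drop"); return 1; }
    printf("core dumps disabled: %d\n", core_dumps_disabled());
    return 0;
}
```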


