
Re: [PATCH] Add $umask for mailboxes and attachments



Derek Martin wrote on 17 Mar 2007 05:05:49 +0100:

> How many people reading this thought of the core dump problem I just
> mentioned?

Well, if your operating system creates world-readable coredumps, you
should report this as a security vulnerability, because it is indeed one
(see http://www.securityfocus.com/bid/5737/info for instance).  Linux
does explicitly set the core mode to 0600 in fs/exec.c:

#       file = filp_open(corename,
#                        O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
#                        0600);

And Solaris behaves in the same sane way.

Could it be that you too are somewhat ignorant in security matters?

-- 
Gaëtan LEURENT
