From: Todd C. Miller Date: Sun, 9 Aug 2015 22:12:00 +0000 (-0600) Subject: disable_coredump can be set to no on modern OSes without X-Git-Tag: SUDO_1_8_15^2~86 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b2f1bbfb026a47a6c66687c55ace3cb3906d7994;p=sudo disable_coredump can be set to no on modern OSes without security consequences. --- diff --git a/doc/sudo.cat b/doc/sudo.cat index acdcd4699..2b97e3790 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -459,9 +459,11 @@ SSEECCUURRIITTYY NNOOTTEESS To prevent the disclosure of potentially sensitive information, ssuuddoo disables core dumps by default while it is executing (they are re-enabled - for the command that is run). To aid in debugging ssuuddoo crashes, you may - wish to re-enable core dumps by setting ``disable_coredump'' to false in - the sudo.conf(4) file as follows: + for the command that is run). This historical practice dates from a time + when most operating systems allowed setuid processes to dump core by + default. To aid in debugging ssuuddoo crashes, you may wish to re-enable + core dumps by setting ``disable_coredump'' to false in the sudo.conf(4) + file as follows: Set disable_coredump false diff --git a/doc/sudo.conf.cat b/doc/sudo.conf.cat index f695d2ddf..3f8246343 100644 --- a/doc/sudo.conf.cat +++ b/doc/sudo.conf.cat @@ -120,18 +120,20 @@ DDEESSCCRRIIPPTTIIOONN The ssuuddoo..ccoonnff file also supports the following front end settings: disable_coredump - Core dumps of ssuuddoo itself are disabled by default. To aid in + Core dumps of ssuuddoo itself are disabled by default to prevent + the disclosure of potentially sensitive information. To aid in debugging ssuuddoo crashes, you may wish to re-enable core dumps by setting ``disable_coredump'' to false in ssuuddoo..ccoonnff as follows: Set disable_coredump false - Note that most operating systems disable core dumps from setuid - programs, including ssuuddoo. To actually get a ssuuddoo core file you - will likely need to enable core dumps for setuid processes. On - BSD and Linux systems this is accomplished in the sysctl - command. On Solaris, the coreadm command is used to configure - core dump behavior. + All modern operating systems place restrictions on core dumps + from setuid processes like ssuuddoo so this option can be enabled + without compromising security. To actually get a ssuuddoo core + file you will likely need to enable core dumps for setuid + processes. On BSD and Linux systems this is accomplished in + the sysctl command. On Solaris, the coreadm command is used to + configure core dump behavior. This setting is only available in ssuuddoo version 1.8.4 and higher. diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in index 40c952d68..d2b0257c5 100644 --- a/doc/sudo.conf.man.in +++ b/doc/sudo.conf.man.in @@ -265,7 +265,8 @@ file also supports the following front end settings: disable_coredump Core dumps of \fBsudo\fR -itself are disabled by default. +itself are disabled by default to prevent the disclosure of potentially +sensitive information. To aid in debugging \fBsudo\fR crashes, you may wish to re-enable core dumps by setting @@ -281,9 +282,10 @@ Set disable_coredump false .fi .RS 10n .sp -Note that most operating systems disable core dumps from setuid programs, -including -\fBsudo\fR. +All modern operating systems place restrictions on core dumps +from setuid processes like +\fBsudo\fR +so this option can be enabled without compromising security. To actually get a \fBsudo\fR core file you will likely need to enable core dumps for setuid processes. diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in index c3e7da747..16e5d6d5b 100644 --- a/doc/sudo.conf.mdoc.in +++ b/doc/sudo.conf.mdoc.in @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 4, 2014 +.Dd August 9, 2015 .Dt SUDO @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -241,7 +241,8 @@ file also supports the following front end settings: .It disable_coredump Core dumps of .Nm sudo -itself are disabled by default. +itself are disabled by default to prevent the disclosure of potentially +sensitive information. To aid in debugging .Nm sudo crashes, you may wish to re-enable core dumps by setting @@ -253,9 +254,10 @@ as follows: Set disable_coredump false .Ed .Pp -Note that most operating systems disable core dumps from setuid programs, -including -.Nm sudo . +All modern operating systems place restrictions on core dumps +from setuid processes like +.Nm sudo +so this option can be enabled without compromising security. To actually get a .Nm sudo core file you will likely need to enable core dumps for setuid processes. diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 642444005..3e032b44e 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -919,6 +919,8 @@ To prevent the disclosure of potentially sensitive information, \fBsudo\fR disables core dumps by default while it is executing (they are re-enabled for the command that is run). +This historical practice dates from a time when most operating +systems allowed setuid processes to dump core by default. To aid in debugging \fBsudo\fR crashes, you may wish to re-enable core dumps by setting diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index 654722ea5..76ffeeee0 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd August 7, 2015 +.Dd August 9, 2015 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -854,6 +854,8 @@ To prevent the disclosure of potentially sensitive information, .Nm disables core dumps by default while it is executing (they are re-enabled for the command that is run). +This historical practice dates from a time when most operating +systems allowed setuid processes to dump core by default. To aid in debugging .Nm crashes, you may wish to re-enable core dumps by setting