On Wed, Mar 10, 1999, Marc Slemko wrote:

> On Wed, 10 Mar 1999, Ralf S. Engelschall wrote:
> > On Wed, Mar 10, 1999, Steffen Dettmer wrote:
> > 
> > > > > ... somewhere in a core dump from httpd ...
> > > > That's why most Unix platforms do not create core files for daemon processes
> > > > running under or started as UID=0 (root).
> > > 
> > > I thought that is "overrideable" using "ulimit -c 10000000" ?
> > 
> > Perhaps, but AFAIK it's a hard-coded thing in some kernels.
> > Wasn't Linux one of those kernels that had it hard-coded?
> > I cannot remember...
> 
> Most "current" kernels do not allow a process to dump core after it 
> has done a setuid() (unless it does an exec()) for security reasons;
> there can be privileged information left over in memory.

Thanks for explaining the kernel's actual decisions in more detail, Marc.
I've now also adjusted the mod_ssl FAQ entry about this to make it more clear.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
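
Added example, not part of the original thread and not mod_ssl or Apache code: on Linux, the kernel decision Marc describes is a per-process "dumpable" flag that is separate from the core size limit set by "ulimit -c", so raising the limit does not re-enable dumps once the flag is cleared. Assumptions: Linux with prctl(PR_SET_DUMPABLE), and the flag is cleared by hand here to stand in for the state after a setuid(), so no root is needed.

```c
/* Added example; assumes Linux (prctl dumpable flag). */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Kernel's per-process "dumpable" flag: 0 means no core file is written. */
int dumpable_flag(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

/* Set the flag explicitly. Here this stands in for the kernel clearing it
 * after a credential change, so the demo needs no root. */
int set_dumpable(int on) { return prctl(PR_SET_DUMPABLE, on, 0, 0, 0); }

/* Equivalent of "ulimit -c <hard limit>": raise the soft core limit. */
int raise_core_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0) return -1;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_CORE, &rl);
}

/* 1 if a core file could be written now: flag set AND soft limit non-zero. */
int core_dump_possible(void)
{
    struct rlimit rl;
    int flag = dumpable_flag();
    if (flag < 0 || getrlimit(RLIMIT_CORE, &rl) != 0) return -1;
    return flag != 0 && rl.rlim_cur != 0;
}

/* Daemon hardening: zero both core limits and clear the flag. */
int forbid_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0) return -1;
    return set_dumpable(0);
}

int main(void)
{
    set_dumpable(0);      /* state after a credential change (simulated) */
    raise_core_limit();   /* the "ulimit -c" attempt from the thread */
    printf("after raising the limit: flag=%d possible=%d\n",
           dumpable_flag(), core_dump_possible());
    return forbid_core_dumps() == 0 ? 0 : 1;
}
```

forbid_core_dumps() lowers the hard limit to zero, which an unprivileged process cannot raise again, so call it only once the daemon no longer needs core files.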
