At 02:12 PM 3/3/2003, Justin Erenkrantz wrote:
>--On Monday, March 3, 2003 2:14 PM -0500 Bill Stoddard <[EMAIL PROTECTED]> wrote:
>
>>Obviously not. If it is -really- unwise, then we should just not do it. I
>>see no evidence that is the case though. How, exactly, could this hook be
>>remotely and uniquely exploited?
>
>We need to keep our signal handling code to a minimum since we can make no
>assumptions about the system integrity once we enter such routines. Allowing a hook
>to always be run by default seems like asking for trouble (because it'd be a global
>structure that might be susceptible to being maliciously overwritten).
>
>We've had strong recommendations from security types in the past to remove
>sig_coredump entirely. -- justin

Maybe that's the answer. One compile flag to eliminate the segv handler altogether, along with the proposed hook, or keep segv handling along with the hook.

--segv-handler=enable|disable ???

No need for an in between 'one but not the other', at least I don't believe.

Bill
