Saturday, August 27, 2011, 10:01:19 AM, you wrote:

> There's also the setuid(2)/seteuid(2)/setguid(2)/seteguid(2) issue on
> Linux (the kernel does not dump core setXid programs).

I saw that but thought it meant only setuid at the file system level. However, ATS uses

prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);

presumably to get around that problem. I checked the return value and it claims to have executed correctly. However, perhaps I changed the ordering too much when I fixed the libcap problems. Definitely something to check.

> 2) There is also an easier (but a bit less secure way), and enabling it
> could cause sensitive data to be dumped to disk as it is a system-wide
> setting:
> # sysctl -w kernel.core_setuid_ok=1

I'll keep that in mind, although as you write that's a much less preferable solution.
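The ordering question raised in the message above, as an added example (not part of the original message and not ATS code): on Linux the dumpable flag is reset when the process's effective UID or GID changes, so a PR_SET_DUMPABLE call that succeeds before the credential switch does not survive it and has to be issued again afterwards. The function name `dumpable_across_uid_drop` and the UID 65534 are assumptions made for this sketch.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DROP_UID 65534 /* assumption: conventional unprivileged "nobody" UID */

/* Hypothetical helper. Runs in a forked child so the caller keeps its
 * credentials. Returns a bit mask, or -1 on error:
 *   bit 0: flag still 1 right after the UID change
 *   bit 1: flag is 1 after PR_SET_DUMPABLE is issued again
 *   bit 2: a real UID change happened (only possible when started as root) */
int dumpable_across_uid_drop(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int changed = 0;
        /* Order that loses the flag: set it, then switch credentials. */
        if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
            _exit(127);
        if (geteuid() == 0 && setuid(DROP_UID) == 0)
            changed = 1;
        int after_drop = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        /* Order that works: set the flag again after the switch. */
        if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
            _exit(127);
        int rearmed = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        _exit((after_drop == 1) | ((rearmed == 1) << 1) | (changed << 2));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int r = dumpable_across_uid_drop();
    if (r < 0) { fprintf(stderr, "check failed\n"); return 1; }
    printf("uid changed: %d, dumpable after change: %d, after re-set: %d\n",
           (r >> 2) & 1, r & 1, (r >> 1) & 1);
    return 0;
}
```

Run as root, it reports whether the flag survived the switch; run unprivileged, no UID change takes place and the flag simply stays set.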
