Re: do_coredump and O_NOFOLLOW

From: Valdis . Kletnieks
Date: Wed Aug 15 2007 - 11:13:20 EST


On Wed, 15 Aug 2007 16:03:39 +0800, gshan said:

> Bernd, Thanks for your reply. I don't think there are any hostile users
> on the system. So it's relatively of security. I didn't hear of coreadm
> tool before, Linux will become more powerful with coreadm.

Well, *right now* you don't have hostile users. However, that can change, if a
user's password gets compromised (often because they left it on a stick-it note
on the monitor), or if somebody is running Firefox and accidentally hits a
malicious site that exploits a Firefox bug, or if one of your company's
employees didn't get the raise they wanted, so they're quitting and planning to
kill the system on their way out the door....

Attachment: pgp00000.pgp
Description: PGP signature