4th Apr 1998 [SBWID-70]
COMMAND
	    coredumps
SYSTEMS AFFECTED
	    BSD/OS 2.x
PROBLEM
	    Denis Papp posted the following.  Patch K210-029 may lead people to
	    have the wrong opinion.  Quote:  "This patch addresses a security
	    problem with core dumps from setuid programs."
	    Apparently this  patch does  not fix  the problem  where coredumps
	    follow symlinks.   If a  user knows  how to  core dump  any setuid
	    root program  that user  can then  clobber any  file on the system
	    (/root/.rhosts,    /etc/passwd,    /etc/hosts.equiv,    whatever).
	    Furthermore  if  that  user  knows  how  to  clobber a setuid root
	    program that calls getpass* then the user can get all the shadowed
	    passwords (not quite all (depending  on the size of your  password
	    file), but certainly some).
	    This is easy to verify by  creating a simple setuid root app  that
	    core  dumps  and  then  making  a  symbolic  link from app.core to
	    /root/.rhosts.   If  your  system  accepts  '+  +' anywhere in the
	    .rhosts file you can put that in your env to get root access.
SOLUTION
	    There  is  a  later  patch  for  BSD/OS  3.0  (M300-023)  which is
	    described as:
	
	        Fixes  a  potential  denial  of  service attack related to the
	        kernel following symbolic links when writing core files.
	
	    which should fix the problem once and for all. The initial release
	    of 3.0 attempted to fix  the problem differently and failed.   The
	    M300-023 patch  doesn't disable  SUID core  dumps altogether  but
	    does  prevent  them   from  following  symlinks.    Unfortunately,
	    upgrading to 3.0 requires you to pay BSDI.
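
	    The difference between a dump writer that follows symlinks and one
	    that refuses them, as an added example that is not part of the
	    original advisory and is not BSDI's patch.  It is a userspace C
	    analogue; the function names, temp directory and file contents are
	    constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive writer: open(2) resolves a symlink at `path` and truncates its target. */
int write_dump_naive(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened writer: O_CREAT|O_EXCL fails if the name already exists (a symlink
 * there is not followed); O_NOFOLLOW states the same intent explicitly. */
int write_dump_safe(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;  /* must be a fresh regular file with exactly one name */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd); return -1;
    }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario in a private temp dir: app.core is a symlink to a
 * "victim" file. Returns 1 if the victim was overwritten, 0 if intact. */
int target_clobbered(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/coredemoXXXXXX", target[64], lnk[64], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/app.core", dir);
    if (write_dump_naive(target, "original") || symlink(target, lnk)) return -1;
    writer(lnk, "COREDATA");               /* the simulated core dump */
    int fd = open(target, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return n < 0 ? -1 : strcmp(buf, "original") != 0;
}

int main(void) {
    printf("naive clobbers: %d, safe clobbers: %d\n",
           target_clobbered(write_dump_naive), target_clobbered(write_dump_safe));
    return 0;
}
```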
	
