Subject: Re: Doubt: core not dumped when binary give up root privileges.
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Alexandre Pereira Nunes <alex@PolesApart.wox.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
In-Reply-To: <3F466E2A.8040905@PolesApart.wox.org>
References: <3F466E2A.8040905@PolesApart.wox.org>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <1061913848.20910.55.camel@dhcp23.swansea.linux.org.uk>
Mime-Version: 1.0
Date: 26 Aug 2003 17:04:08 +0100
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1191
Lines: 28

On Gwe, 2003-08-22 at 20:25, Alexandre Pereira Nunes wrote:
> The program explicitly sets RLIMIT_CORE to RLIM_INFINITY when still 
> running with uid 0.

The kernel assumes a core image from something that was priviledged may
be unsafe.

> If instead of calling the program as root, I call it from the non-priv 
> uid in question, if it crashes, it dumps core on the mentioned dir. 
> That's the desired behaviour, since I can then take the core and debug. 
> But if I run it as root (in fact, I would have to), and it crashes (or 
> is forced to ,by means of kill -SEGV), after it gives up root 
> credentials, it won't leave a core dump file, which in turn means I 
> cannot debug it later.
> 
> Any ideas?

2.4-ac has support for enabling setuid core dumps and setting the dump
path, so you can write such dumps to /root/dumps and the kernel will
make them root accessible only.

The 2.6 test tree and Marcelo 2.4 don't currently support this

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/