Re: kern/45393 (core dumps are unilaterally prevented by unmounted cwd or MNT_NOCOREDUMP even if corename will be valid)

["Greg A. Woods" <woods%planix.com@localhost>]

The following reply was made to PR kern/45393; it has been noted by GNATS.

From: "Greg A. Woods" <woods%planix.com@localhost>
To: NetBSD GNATS <gnats-bugs%NetBSD.org@localhost>
Cc: <christos%NetBSD.org@localhost>,
        NetBSD Kernel Bug People <kern-bug-people%netbsd.org@localhost>,
        <wiz%NetBSD.org@localhost>
Subject: Re: kern/45393 (core dumps are unilaterally prevented by unmounted cwd 
or MNT_NOCOREDUMP even if corename will be valid)
Date: Fri, 23 Sep 2011 17:18:11 -0700

 --pgp-sign-Multipart_Fri_Sep_23_17:18:10_2011-1
 Content-Type: text/plain; charset=US-ASCII
 Content-Transfer-Encoding: quoted-printable
 
 At Fri, 23 Sep 2011 09:01:06 +0000 (UTC), wiz%NetBSD.org@localhost wrote:
 Subject: Re: kern/45393 (core dumps are unilaterally prevented by unmounted=
  cwd or MNT_NOCOREDUMP even if corename will be valid)
 >=20
 > Ok to close?
 
 What Christos committed isn't exactly what I had in mind...  :-)
 
 It is now strictly obeying MNT_NOCOREDUMP, but given the prevalence of
 single-filesystem systems, I think what I suggested makes more sense,
 i.e. only honour MNT_NOCOREDUMP if the pathname is relative, thus
 allowing the administrator to set an absolute pathname for one or more
 processes (or even sometimes all of them via kern.defcorename, though
 that choice obviates the need for setting MNT_NOCOREDUMP in the first
 place, except as a second line of defence from accidental core
 pollution) to allow them to dump core in a given location, and also
 allowing a user to get a core image from their own processes upon
 specific request, but otherwise preventing processes from normally
 dumping in any old CWD.
 
 However, on second look I realize I have not yet fully explored all the
 potential problems with ptrace().  I think it's safe the way I wrote it,
 but I cannot yet prove it.
 
 If so then I guess the question is whether MNT_NOCOREDUMP should reign
 supreme, or whether there should be a way around it for special cases.
 
 Personally I think that if I as the superuser set proc.blah.corename (or
 kern.defcorename) to an absolute pathname then I want core dumps to
 happen even if I'm silly enough to also have MNT_NOCOREDUMP set on the
 filesystem for that location.
 
 I think users should also be able to use ptrace() or proc.*.corename to
 force a core dump to an absolute pathname (where they have sufficient
 privilege) regardless of whether the admin has set things up to
 generally prevent cores from dropping in random CWDs anywhere and
 everywhere.
 
 Indeed I think MNT_NOCOREDUMP is basically a throwback to before there
 was a way to set an absolute pathname for core files and that it could
 be at least reduced in importance in the way I suggest, if not
 deprecated entirely.
 
 Perhaps this should be discussed with a wider audience?
 
 --=20
                                                Greg A. Woods
 
 +1 250 762-7675                                RoboHack 
<woods%robohack.ca@localhost>
 Planix, Inc. <woods%planix.com@localhost>      Secrets of the Weird 
<woods%weird.com@localhost>
 
 --pgp-sign-Multipart_Fri_Sep_23_17:18:10_2011-1
 Content-Type: application/pgp-signature
 Content-Transfer-Encoding: 7bit
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (NetBSD)
 
 iD8DBQBOfSHCZn1xt3i/9H8RAsi3AJ4iCuPv7qJ6aroTHez+yyZCB+PYdQCdHXDe
 Zxg7j8MMckwWqjXu5L/AYls=
 =ng3z
 -----END PGP SIGNATURE-----
 
 --pgp-sign-Multipart_Fri_Sep_23_17:18:10_2011-1--