Re: "Real programs dump core"

[Hauke Fath <hf%spg.tu-darmstadt.de@localhost>]

At 17:27 Uhr +0200 05.09.2011, Martin Husemann wrote:
>On Mon, Sep 05, 2011 at 05:21:22PM +0200, Hauke Fath wrote:
>> % fgrep "not dumped" /var/log/messages
>> Sep  2 22:00:26 pizza /netbsd: pid 590 (sudo-1.7.7), uid 0: exited on
>> signal 10 (core not dumped, err = 27)
>> Sep  4 05:07:32 pizza /netbsd: pid 6605 (planner), uid 73: exited on signal
>> 11 (core not dumped, err = 13)
>
>     13 EACCES Permission denied.  An attempt was made to access a file in a
>             way forbidden by its file access permissions.

That's tough to decipher without a core. Would a setuid root binary dump
core as root, or as the invoking uid?

>     27 EFBIG File too large.  The size of a file exceeded the maximum.  (The
>             system-wide maximum file size is 2**63 bytes.  Each file system
>             may impose a lower limit for files contained within it).

% /root/sudo-1.7.7 /usr/bin/true
Bus error
% limit | grep file
filesize     unlimited
%

Sounds... bogus. Yes, sudo 1.7.5 works (see pkg/45326).

>I wonder if we should have an equivalent for kern.coredump.setid.path for
>non-setid images.

That's another puzzling thing:

# sysctl kern.coredump.setid
kern.coredump.setid.dump = 1
kern.coredump.setid.path = /var/crash/%n.core
kern.coredump.setid.owner = 0
kern.coredump.setid.group = 0
kern.coredump.setid.mode = 0600 (rw------- )
# ls -l /var/crash/
total 2
-rw-------  1 root  wheel  5 Sep  1  2001 minfree
#

-- /var has > 3 GB free.

Thanks,
        hauke

-- 
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email            Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-3281