[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: "Real programs dump core"
At 17:27 Uhr +0200 05.09.2011, Martin Husemann wrote:
>On Mon, Sep 05, 2011 at 05:21:22PM +0200, Hauke Fath wrote:
>> % fgrep "not dumped" /var/log/messages
>> Sep 2 22:00:26 pizza /netbsd: pid 590 (sudo-1.7.7), uid 0: exited on
>> signal 10 (core not dumped, err = 27)
>> Sep 4 05:07:32 pizza /netbsd: pid 6605 (planner), uid 73: exited on signal
>> 11 (core not dumped, err = 13)
> 13 EACCES Permission denied. An attempt was made to access a file in a
> way forbidden by its file access permissions.
That's tough to decipher without a core. Would a setuid root binary dump
core as root, or as the invoking uid?
> 27 EFBIG File too large. The size of a file exceeded the maximum. (The
> system-wide maximum file size is 2**63 bytes. Each file system
> may impose a lower limit for files contained within it).
% /root/sudo-1.7.7 /usr/bin/true
% limit | grep file
Sounds... bogus. Yes, sudo 1.7.5 works (see pkg/45326).
>I wonder if we should have an equivalent for kern.coredump.setid.path for
That's another puzzling thing:
# sysctl kern.coredump.setid
kern.coredump.setid.dump = 1
kern.coredump.setid.path = /var/crash/%n.core
kern.coredump.setid.owner = 0
kern.coredump.setid.group = 0
kern.coredump.setid.mode = 0600 (rw------- )
# ls -l /var/crash/
-rw------- 1 root wheel 5 Sep 1 2001 minfree
-- /var has > 3 GB free.
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-3281
Main Index |
Thread Index |