Privsep Debugging Support: /var/crash/$programname, sysctl-Managed, Added

Contributed by tbert on from the crash-test-puffy dept.

Debugging privsep code on OpenBSD-current just became a little easier. In this commit, Theo de Raadt (deraadt@) added a new kern.nosuidcoredump value, 3, which sends core dumps to /var/crash/$programname (provided that directory exists) and names each core file after the crashing process's PID.

Changes by:	deraadt@cvs.openbsd.org	2014/05/03 21:53:38

Modified files:
	sys/kern       : kern_sig.c 
	lib/libc/gen   : sysctl.3 
	sbin/sysctl    : sysctl.8 
	share/man/man5 : core.5 

Log message:
When kern.nosuidcoredump=3, act like =2 but try to dump cores into
the /var/crash/programname/ directory, as root. For instance,
# mkdir /var/crash/bgpd/
# chmod 700 /var/crash/bgpd/    # If you skip this step, you are a moron
# sysctl kern.nosuidcoredump=3
# bgpd
# pkill -ABRT bgpd
# ls /var/crash/bgpd/
14764.core   23207.core   6423.core
Of course, in real life the idea is that you don't kill the daemon but it
crashes and you collect parallel cores.  Careful you don't fill your /var.
Further tuneables are being considered.

Sorry to be picking on bgpd for this example.  I've watched the "too
difficult to debug privsep code" angst for far too long.
ok guenther
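
The directory setup in the log message can be checked mechanically. The following is an added example, not part of the commit or of OpenBSD: a POSIX shell function (hypothetical name audit_crash_dirs) that flags any per-program directory that is a symlink, has the wrong owner, or is not mode 700, and counts the cores in each. Expecting root as the owner on a real system is an assumption based on the # prompt in the log message; the demo tree (bgpd, ntpd) is constructed.

```shell
#!/bin/sh
# Added example, not OpenBSD code: audit_crash_dirs and its output format are
# names invented here. It checks what the commit message's chmod step sets up.

# audit_crash_dirs BASE OWNER
# One line per subdirectory of BASE: OK or BAD (with reason), plus core count.
# Returns 1 if any directory is not a real directory owned by OWNER, mode 0700.
audit_crash_dirs() {
    acd_base=$1 acd_owner=$2 acd_rc=0
    for acd_dir in "$acd_base"/*/; do
        [ -d "$acd_dir" ] || continue            # glob matched nothing
        acd_dir=${acd_dir%/}
        if [ -L "$acd_dir" ]; then               # symlink would redirect the dump
            echo "BAD $acd_dir symlink"; acd_rc=1; continue
        fi
        # ls -ld fields are the same on BSD and GNU userlands; stat(1) flags differ.
        acd_meta=$(ls -ld "$acd_dir" | awk '{print $1, $3}')
        acd_perms=$(printf '%s' "${acd_meta% *}" | cut -c2-10)  # drop type char, ACL mark
        acd_why=
        [ "${acd_meta#* }" = "$acd_owner" ] || acd_why="owner=${acd_meta#* }"
        [ "$acd_perms" = "rwx------" ] || acd_why="${acd_why:+$acd_why,}mode=$acd_perms"
        # Core count matters too: the commit warns about filling /var.
        acd_n=$(find "$acd_dir" -type f -name '*.core' | wc -l | tr -d ' ')
        if [ -n "$acd_why" ]; then
            echo "BAD $acd_dir $acd_why cores=$acd_n"; acd_rc=1
        else
            echo "OK $acd_dir cores=$acd_n"
        fi
    done
    return "$acd_rc"
}

# Constructed sample tree: one directory prepared as in the commit message,
# one where the chmod step was skipped (mode 755 stands in for a loose umask).
demo() {
    demo_t=$(mktemp -d) || return 2
    mkdir "$demo_t/bgpd" "$demo_t/ntpd"
    chmod 700 "$demo_t/bgpd"; chmod 755 "$demo_t/ntpd"
    : > "$demo_t/bgpd/14764.core"
    demo_me=$(ls -ld "$demo_t" | awk '{print $3}')   # whoever runs the demo
    demo_rc=0
    audit_crash_dirs "$demo_t" "$demo_me" || demo_rc=$?
    rm -rf "$demo_t"
    return "$demo_rc"
}
```

On a host using the new setting, the equivalent call would be `audit_crash_dirs /var/crash root`, run as root so the 700 directories can be read.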



  1. By brynet (Brynet) on http://brynet.biz.tm/

    This could be useful for containing those large browser coredumps, just so long as you don't skip that chmod qualifier step. :-)

    1. By brynet (Brynet) on http://brynet.biz.tm/

      > This could be useful for containing those large browser coredumps, just so long as you don't skip that chmod qualifier step. :-)

      Ah, never mind. This only applies to setuid processes.
