Re: Doubt: core not dumped when binary give up root privileges.

From: Alexandre Pereira Nunes
Date: Tue Aug 26 2003 - 11:53:45 EST

Next message: YOSHIFUJI Hideaki / 吉藤英明: "Re: [OOPS] less /proc/net/igmp"
Previous message: Robert L. Harris: "Re: Where'd my second proc go?"
In reply to: Alan Cox: "Re: Doubt: core not dumped when binary give up root privileges."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox wrote:

On Gwe, 2003-08-22 at 20:25, Alexandre Pereira Nunes wrote:

The program explicitly sets RLIMIT_CORE to RLIM_INFINITY when still running with uid 0.

The kernel assumes a core image from something that was priviledged may
be unsafe.

That makes sense... By that time, I took a look at the sources and found the prctl syscall, and with a little tweaking it was possible to do what I wish (keep reading)...

If instead of calling the program as root, I call it from the non-priv uid in question, if it crashes, it dumps core on the mentioned dir. That's the desired behaviour, since I can then take the core and debug. But if I run it as root (in fact, I would have to), and it crashes (or is forced to ,by means of kill -SEGV), after it gives up root credentials, it won't leave a core dump file, which in turn means I cannot debug it later.

Any ideas?

2.4-ac has support for enabling setuid core dumps and setting the dump
path, so you can write such dumps to /root/dumps and the kernel will
make them root accessible only.

The 2.6 test tree and Marcelo 2.4 don't currently support this

That's an interesting feature and is almost exactly what I needed: I wrote a daemon, which is started by root at boot time. In some point at startup, it chroot to an application-specific directory and gives up privileges. If it would dump core, it had to be on that directory, which has somewhat restrict permissions, so that I (and only I) can get it later for further analysis. By means of chroot + prctl it was possible to achieve this, but it would be simpler with this approach of yours, which could also help in debugging in case something else crashes. I'm inclined to adopting it, even though the daemon will ship to run on third-parties machines, and I'll have no much control of what kernel is running there (probably distribution default ones). I'll see what is possible here... Thank you!

Alexandre

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: YOSHIFUJI Hideaki / 吉藤英明: "Re: [OOPS] less /proc/net/igmp"
Previous message: Robert L. Harris: "Re: Where'd my second proc go?"
In reply to: Alan Cox: "Re: Doubt: core not dumped when binary give up root privileges."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]