Contributed by tbert on from the crash-test-puffy dept.
Debugging privsep code on OpenBSD-current just became a little easier. In this commit, Theo de Raadt (deraadt@) added a new kern.nosuidcoredump value, 3, which makes core dumps go to /var/crash/$programname (assuming the directory exists), and dumps cores named after the crashing program's PID.
Changes by: deraadt@cvs.openbsd.org 2014/05/03 21:53:38 Modified files: sys/kern : kern_sig.c lib/libc/gen : sysctl.3 sbin/sysctl : sysctl.8 share/man/man5 : core.5 Log message: When kern.nosuidcoredump=3, act like =2 but try to dump cores into the /var/crash/programname/ directory, as root. For instance, # mkdir /var/crash/bgpd/ # chmod 700 /var/crash/bgpd/ # If you skip this step, you are a moron # sysctl kern.nosuidcoredump=3 # bgpd # pkill -ABRT bgpd # ls /var/crash/bgpd/ 14764.core 23207.core 6423.core Of course, in real life the idea is that you don't kill the daemon but it crashes and you collect parallel cores. Careful you don't fill your /var. Further tuneables are being considered. Sorry to be picking on bgpd for this example. I've watched the "too difficult to debug privsep code" angst for far too long. ok guenther
(Comments are closed)
By brynet (Brynet) on http://brynet.biz.tm/
Comments
By brynet (Brynet) on http://brynet.biz.tm/
Ah, nevermind. This only applies to setuid processes.