Here's a little "do nothing" daemon server that demonstrates the problem.
---
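#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main(void)
{
	/* Detach; nochdir=1 and noclose=1 keep the cwd and stdio as they are. */
	(void) daemon(1, 1);
	(void) chdir("/tmp");
	printf("before uid=%d euid=%d\n", getuid(), geteuid());
	/* Drop from root to user daemon (uid 1). */
	(void) setuid(1);
	printf("after uid=%d euid=%d\n", getuid(), geteuid());
	for (;;)
		sleep(1);
	/* NOTREACHED */
	return 0;
}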
---
As root...
# gcc a.c                           build
# ulimit -S -c unlimited            set core dumps
# ulimit -a                         verify coredump unlimited
# sysctl kern.nosuidcoredump=0      or set to =2
# ./a.out                           start it, becomes user daemon (id 1)
                                    and set work dir to /tmp
# pkill -ABRT a.out                 kill it
# ls -a /tmp /var/crash             OOPS! No core file.

Without the call to setuid, the daemon will create a core file in /tmp.

What I would like to know is how to get a core file when the daemon
program uses setuid/seteuid family of functions, which appears to make
it subject to kern.nosuidcoredump? I've tried all 3 possible values:

/* KERN_NOSUIDCOREDUMP integer values:
 *
 * 0 dump core,
 * 1 disable dump core (default)
 * 2 dump core to /var/crash.
 */

Nothing appears to work. Tested on 4.0 and 4.3 systems.
So what am I forgetting?
--
Anthony C Howe Skype: SirWumpus SnertSoft
+33 6 11 89 73 78 Twitter: SirWumpus BarricadeMX & Milters
http://snert.com/ http://nanozen.info/ http://snertsoft.com/