[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: getting a regular user to dump core when a program crashes

On Mon, Feb 28, 2022 at 11:41:27AM -0500, The Wanderer wrote:
> By default, yes, that's the case. However, from songbird's original
> post:
> 
> >>>> i have the following set in my /etc/sysctl.conf:
> >>>> 
> >>>> # core file location and file name format
> >>>> kernel.core_pattern=/crash/core.%u.%E.%p
> 
> That appears to be a kernel parameter which defines the path and
> filename of the core file.
> 
> I imagine that this was set in order to be able to specify a filename
> other than the default, with relevant information about the dumping
> process (and avoiding the problem of multiple such files overwriting one
> another), and that the syntax of the kernel parameter in question is
> such that you have to specify the full path to the file.

OK... let's see.  I tried several dead end man pages (why the hell
don't they have comprehensive SEE ALSO sections?!).  Then gave up, then
decided to try "man -k sysctl".  This led me to discover that there is
a sysctl(2) page in addition to sysctl(8) (the latter does NOT link
to the former).

sysctl(2) mentions core_pattern and says to see core(5).

core(5) says:

       By default, a core dump file is  named  core,  but  the  /proc/sys/ker‐
       nel/core_pattern file (since Linux 2.6 and 2.4.21) can be set to define
       a template that is used to name core dump files.  The template can con‐
       tain  % specifiers which are substituted by the following values when a
       core file is created:

No mention is made of specifying *directories* by this mechanism, except
for the %E specifier, which is documented as:

           %E  Pathname of executable, with slashes ('/') replaced by exclama‐
               tion marks ('!') (since Linux 3.0).

Funny how they went out of their way to change slashes to a different
character, isn't it.

But songbird appears to believe that one can put *actual* slashes in this
kernel config file, and have them be treated as an absolute pathname.
Despite this not being mentioned in the man page as far as I could see,
and despite defying all of my experience with core files.

So let's test whether this works.  My testing is occurring on bullseye
running this kernel:

unicorn:~$ uname -r
5.10.0-11-amd64

And here's the test:

unicorn:~$ sudo sh -c 'echo /tmp/core > /proc/sys/kernel/core_pattern'
[sudo] password for greg: 
unicorn:~$ ls -ld core
ls: cannot access 'core': No such file or directory
unicorn:~$ ./coredump
Segmentation fault (core dumped)
unicorn:~$ ls -ld core /tmp/core
ls: cannot access 'core': No such file or directory
-rw------- 1 greg greg 249856 Feb 28 12:16 /tmp/core

Well, that's interesting.  You *can* specify an absolute directory by
this mechanism.  I guess I learned something today.

So, what exactly was the complaint?  That songbird shot themselves in
the foot by specifying an absolute directory for core dumps that wasn't
writable by the user generating the core dumps?  Well, don't do that.
Reply to: