Praveen's Blog

An Eternal Quest for Incremental Improvement

Dumping core file from set-UID, set-GID'ed processes in Linux

Lately I was encountering a segmentation fault with one of our processes and found that it was not dumping a core file even though we had asked for one by using the appropriate ulimit setting. It was set-UID root. Then I discovered that the default behavior of set-UID and set-GID processes is not to dump core unless explicitly asked to by prctl(2). In order to dump core, the following has to be done.

prctl( PR_SET_DUMPABLE, 1 );

I haven't dealt a lot with set-UID processes. This was valuable information to learn. Here is more information about this option.

       (Since Linux 2.3.20) Set the  state  of  the  flag  determining
       whether  core dumps are produced for this process upon delivery
       of a signal whose default behavior is to produce a  core  dump.
       (Normally  this flag is set for a process by default, but it is
       cleared when a set-user-ID or set-group-ID program is  executed
       and  also  by various system calls that manipulate process UIDs
       and GIDs).  In kernels up to and including 2.6.12, arg2 must be
       either  0 (process is not dumpable) or 1 (process is dumpable).
       Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted,
       which caused any binary which normally would not be dumped
       to be dumped readable by root only; for security reasons,  this
       feature  has  been  removed.   (See  also  the  description  of
       /proc/sys/fs/suid_dumpable in proc(5).)
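
As an added example (not code from the original post; the helper names are assumptions), the following C program sets the flag described above, reads it back with PR_GET_DUMPABLE, and reports the two other settings that decide whether a core file appears: the soft RLIMIT_CORE limit and /proc/sys/fs/suid_dumpable.

```c
/* Added example: helper names are hypothetical, not from the original post. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* System-wide policy from /proc/sys/fs/suid_dumpable; -1 if it cannot be read. */
int read_suid_dumpable(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/fs/suid_dumpable", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Set the per-process flag and return what the kernel now reports (-1 on error).
 * The same flag also governs ptrace attach permission and /proc/[pid] file
 * ownership, so a set-UID program should enable it only while being debugged. */
int set_dumpable(int on)
{
    if (prctl(PR_SET_DUMPABLE, on ? 1 : 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* 1 if the soft RLIMIT_CORE (what "ulimit -c" shows) allows a non-empty core,
 * 0 if it is zero, -1 on error. */
int core_limit_allows_dump(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return rl.rlim_cur != 0;
}

int main(void)
{
    /* In a set-UID binary the first line prints 0: the flag was cleared at exec. */
    printf("dumpable at start: %d\n", prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
    printf("suid_dumpable:     %d\n", read_suid_dumpable());
    printf("core limit ok:     %d\n", core_limit_allows_dump());
    printf("dumpable after set: %d\n", set_dumpable(1));
    return 0;
}
```

Because the kernel also clears the flag in system calls that change process UIDs and GIDs, as the man page text above notes, call `set_dumpable(1)` after any such call rather than only at startup.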