Dumping core file from set-UID, set-GID 'ed processes in Solaris
I had a previous
post
on how to turn on core files for set-UID, set-GID processes under Linux.
Recently we ran into the same problem on Solaris. To turn on core files
for set-id processes, use coreadm
.
$ pfexec coreadm -e global-setid
Please keep in mind that these core files can have information that non-privileged user isn't supposed to know. Quoting from Solaris man page:
A process that is or ever has been setuid or setgid since its last
exec(2) presents security issues that relate to dumping
core. Similarly, a process that initially had superuser privileges and
lost those privileges through setuid(2) also presents security issues
that are related to dumping core. A process of either type can contain
sensitive information in its address space to which the current
nonprivileged owner of the process should not have access. If setid
core files are enabled, they are created mode 600 and owned by the
superuser.