I had a previous post on how to turn on core files for set-UID, set-GID processes under Linux. Recently we ran into the same problem on Solaris. To turn on core files for set-id processes, use coreadm.
$ pfexec coreadm -e global-setid
Please keep in mind that these core files can have information that non-privileged user isn’t supposed to know. Quoting from Solaris man page:
A process that is or ever has been setuid or setgid since
its last exec(2) presents security issues that relate to
dumping core. Similarly, a process that initially had
superuser privileges and lost those privileges through
setuid(2) also presents security issues that are related to
dumping core. A process of either type can contain sensitive
information in its address space to which the current
nonprivileged owner of the process should not have access.
If setid core files are enabled, they are created mode 600
and owned by the superuser.
Recent Comments