生成由sudo运行的进程的核心转储。

huangapple go评论69阅读模式
英文:

Generate core dump for a process run by sudo

问题

向我的 `/etc/security/limits.conf` 文件中添加以下行并重新启动:

root soft core unlimited

  •           soft    core            unlimited 
    

现在核心转储文件会在我的用户和 `sudo su` 下生成。在这两种情况下,`ulimit -a` 都会显示我所期望的:

core file size (blocks, -c) unlimited


但是当我在我的用户下运行 `sudo bash -c "ulimit -a"` 时,我得到:

core file size (blocks, -c) 0


并且对于使用 `sudo` 运行并被 SIGSEGV 破坏的进程不会在 `/var/lib/apport/coredump/` 生成核心转储。即使运行以下命令也无济于事:`sudo bash -c "ulimit -c unlimited"`。

该如何处理?请问为什么 sudo 的核心转储限制与 root 的不同?我期望当我运行 `sudo bash -c "ulimit -a"` 时,我会得到 root 的值。谢谢。
英文:

To my /etc/security/limits.conf I add the following lines and rebooted:

root            soft    core            unlimited
*               soft    core            unlimited

Now core dumps are generated under my user and under sudo su. And in both cases ulimit -a shows me the desired:

core file size              (blocks, -c) unlimited

But when under my user I run sudo bash -c "ulimit -a" I get:

core file size              (blocks, -c) 0

and core dumps for processes run with sudo and destroyed e.g. by SIGSEGV are not generated at /var/lib/apport/coredump/. This command also does not help: sudo bash -c "ulimit -c unlimited".

What can be done? Could you, please explain, why the core dump limit for sudo is different than that of root? I expected that when I run sudo bash -c "ulimit -a" I would get values for root. Thank you.

答案1

得分: 1

cat /etc/sudoers.d/mysudoers

Defaults rlimit_core=default

这个答案可以在这里找到:

https://superuser.com/questions/1733614/how-to-configure-core-dumps-ulimit-c-from-within-sudo-within-docker

解释:

https://manpages.ubuntu.com/manpages/jammy/en/man5/sudoers.5.html :

资源限制
... 唯一的例外是核心转储文件大小,这是由sudoers默认设置为0。默认情况下禁用核心转储,可以避免潜在的安全问题,其中核心文件被视为可信输入。

此外,请注意,需要执行 kill -11 $mypid,其中pid是./myapp的pid,而不是其父进程sudo ./myapp。注意:11代表SIGSEGV。

英文:
# cat  /etc/sudoers.d/mysudoers
Defaults rlimit_core=default

The answer was found here:

https://superuser.com/questions/1733614/how-to-configure-core-dumps-ulimit-c-from-within-sudo-within-docker

The explanation:

https://manpages.ubuntu.com/manpages/jammy/en/man5/sudoers.5.html :

> Resource limits
... The one exception to this is the core dump file size,
which is set by sudoers to 0 by default. Disabling core dumps by default makes it possible
to avoid potential security problems where the core file is treated as trusted input.

Also, note that it's crucial to make kill -11 $mypid, where the pid is that of ./myapp, rather than its parent process sudo ./myapp. Note: 11 is SIGSEGV.

huangapple
  • 本文由 发表于 2023年3月1日 16:14:03
  • 转载请务必保留本文链接:https://go.coder-hub.com/75601039.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定