Praveen’s Journal

June 5, 2008

Dumping core files from set-UID and set-GID processes in Linux

Filed under: General — Praveen Kumar @ 8:08 pm

Lately I was encountering a segmentation fault with one of our processes and found that it was not dumping a core file even though we asked it to by using the appropriate ulimit setting. It was set-UID root. Then I discovered that the default behavior of set-UID and set-GID processes is not to dump core unless explicitly asked to via prctl(2). In order to dump core, the following has to be done.

prctl( PR_SET_DUMPABLE, 1 );

I haven’t dealt a lot with set-UID processes. This was valuable information to learn. Here is more information about this option.

       PR_SET_DUMPABLE
              (Since Linux 2.3.20) Set the  state  of  the  flag  determining
              whether  core dumps are produced for this process upon delivery
              of a signal whose default behavior is to produce a  core  dump.
              (Normally  this flag is set for a process by default, but it is
              cleared when a set-user-ID or set-group-ID program is  executed
              and  also  by various system calls that manipulate process UIDs
              and GIDs).  In kernels up to and including 2.6.12, arg2 must be
              either  0 (process is not dumpable) or 1 (process is dumpable).
              Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted,
              which caused any binary which normally would not be dumped
              to be dumped readable by root only; for security reasons,  this
              feature  has  been  removed.   (See  also  the  description  of
              /proc/sys/fs/suid_dumpable in proc(5).)
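
An added example (not code from the original post): a small C helper that reads the flag with PR_GET_DUMPABLE, sets it, raises the core size limit the way the ulimit setting does, and reads the system-wide /proc/sys/fs/suid_dumpable policy. The function names are illustrative; since a dumpable set-UID process can have its memory written to a core file, keep the call to debugging builds.

```c
/* Added example: function names below are illustrative, not from the post. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Current dumpable flag: 1 = core dumps allowed, 0 = suppressed, -1 = error. */
int get_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* System-wide policy from proc(5); returns -1 if it cannot be read. */
int read_suid_dumpable(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/fs/suid_dumpable", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/*
 * Re-enable core dumps for this process. Call it after any UID/GID-changing
 * system calls, because the man page notes that those clear the flag.
 * Returns 0 on success, -1 on failure.
 */
int enable_core_dumps(void)
{
    struct rlimit rl;

    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
        return -1;
    /* Equivalent of "ulimit -c": raise the soft limit to the hard limit. */
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_CORE, &rl);
}

int main(void)
{
    printf("dumpable before: %d, suid_dumpable: %d\n",
           get_dumpable(), read_suid_dumpable());
    if (enable_core_dumps() != 0)
        perror("enable_core_dumps");
    printf("dumpable after: %d\n", get_dumpable());
    return 0;
}
```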
