The short list #5: coredumping with sudo on #FreeBSD

Things I learned from a misbehaving pam module managing our sudo context at work.  sudo, for security, will not dump core files if it hits a segfault.  You need to tell the kernel to allow set uid root binaries to core dump *and* you have to let sudo know that its ok via a sudo.conf entry.

DO NOT LEAVE THESE AS DEFAULTS

kern.sugid_coredump: 1

/etc/sudo.conf –> Set disable_coredump true

ref –> http://www.sudo.ws/sudo.man.html

 

2 thoughts on “The short list #5: coredumping with sudo on #FreeBSD

  1. Peter Pentchev

    Errr… are you sure that you don’t mean “Set disable_coredump false”? :) Or was that meant as an additional hurdle to people who blindly copy stuff from random websites and run it without really thinking about what it means? :)

Comments are closed.