The short list #5: coredumping with sudo on #FreeBSD


Things I learned from a misbehaving pam module managing our sudo context at work.  sudo, for security, will not dump core files if it hits a segfault.  You need to tell the kernel to allow set uid root binaries to core dump *and* you have to let sudo know that its ok via a sudo.conf entry.

DO NOT LEAVE THESE AS DEFAULTS

kern.sugid_coredump: 1

/etc/sudo.conf –> Set disable_coredump true

ref –> http://www.sudo.ws/sudo.man.html

 


2 responses to “The short list #5: coredumping with sudo on #FreeBSD”

  1. Errr… are you sure that you don’t mean “Set disable_coredump false”? 🙂 Or was that meant as an additional hurdle to people who blindly copy stuff from random websites and run it without really thinking about what it means? 🙂