{"id":166,"date":"2014-01-28T18:59:20","date_gmt":"2014-01-28T18:59:20","guid":{"rendered":"http:\/\/blog.ignoranthack.me\/?p=166"},"modified":"2014-04-19T14:46:08","modified_gmt":"2014-04-19T14:46:08","slug":"the-short-list-5-coredumping-with-sudo-on-freebsd","status":"publish","type":"post","link":"http:\/\/blog.ignoranthack.me\/?p=166","title":{"rendered":"The short list #5: coredumping with sudo on #FreeBSD"},"content":{"rendered":"<p>Things I learned from a misbehaving pam module managing our sudo context at work.\u00a0 sudo, for security, will not dump core files if it hits a segfault.\u00a0 You need to tell the kernel to allow set uid root binaries to core dump *and* you have to let sudo know that its ok via a sudo.conf entry.<\/p>\n<p><strong>DO NOT LEAVE THESE AS DEFAULTS<\/strong><\/p>\n<p>kern.sugid_coredump: 1<\/p>\n<p>\/etc\/sudo.conf &#8211;&gt; Set disable_coredump true<\/p>\n<p>ref &#8211;&gt; http:\/\/www.sudo.ws\/sudo.man.html<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Things I learned from a misbehaving pam module managing our sudo context at work.\u00a0 sudo, for security, will not dump core files if it hits a segfault.\u00a0 You need to tell the kernel to allow set uid root binaries to core dump *and* you have to let sudo know that its ok via a sudo.conf [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"_share_on_mastodon":"0"},"categories":[2],"tags":[],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=\/wp\/v2\/posts\/166"}],"collection":[{"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=166"}],"version-history":[{"count":2,"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=\/wp\/v2\/posts\/166\/revisions"}],"predecessor-version":[{"id":168,"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=\/wp\/v2\/posts\/166\/revisions\/168"}],"wp:attachment":[{"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=166"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.ignoranthack.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}