On Sat, Jan 12, 2013 at 8:50 PM, Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote: >>>> .SS Piping core dumps to a program >>>> Since kernel 2.6.19, Linux supports an alternate syntax for the >>>> .I /proc/sys/kernel/core_pattern >>>> diff --git a/man5/proc.5 b/man5/proc.5 >>>> index c29eacc..940c1fa 100644 >>>> --- a/man5/proc.5 >>>> +++ b/man5/proc.5 >>>> @@ -2481,6 +2481,13 @@ For security reasons core dumps in this mode will not overwrite one >>>> another or other files. >>>> This mode is appropriate when administrators are >>>> attempting to debug problems in a normal environment. >>>> +Additionally, since Linux 3.6, >>>> +.\" 9520628e8ceb69fa9a4aee6b57f22675d9e1b709 >>>> +.I /proc/sys/kernel/core_pattern >>>> +must either be a fully-qualified path, or a pipe command, as detailed in >>>> +.BR core (5). >>>> +Warnings will be emitted to the kernel syslog about disallowed combinations. >>> >>> What does "disallowed combinations" mean? Other than an absolute >>> pathname or a pipe command? And other than the warning to the kernel >>> log, how are the disallowed combinations treated? Are they ignored? >> >> Yeah, by disallowed I mean a core_pattern that starts with neither / >> nor | and suid_dumpable is set to 2. When conditions change to a >> disallowed state, the kernel warns in dmesg. If a core dump happens >> under this condition, the kernel warns again about the condition and >> does not dump core. > > So, does the following text look okay? > > Additionally, since Linux 3.6, /proc/sys/ker‐ > nel/core_pattern must either be an absolute path‐ > name or a pipe command, as detailed in core(5). > Warnings will be written to the kernel log if > core_pattern does not follow these rules, and no > core dump will be produced. Yeah, that looks great. Thanks! -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
