On 23/02/2010 23:30, Stuart Henderson whispered from the shadows...:
> kern.nosuidcoredump=2 works fine for me in -current (though =0 seems
> broken), so please try with a newer OS version. This should work, it's
> needed for debugging Xorg too.

OK. I can confirm your results, see below for the verbose blow by blow.

So for myself, it's proven that if I upgrade to 4.6, there is at least one method (sysctl kern.nosuidcoredump=2) to debug setuid() daemon servers. I can live with that; just document kern.nosuidcoredump=2 please in core(5) or setuid(2) for developers.

Thank you all for your time.

Anthony Howe

--- long version ---

I'm going to skip the side debate of why my home file server (4.0) and my production machine (4.3) are not at least up to date with 4.6. That way be fiery dragons.

I've pulled out an old 500 MHz machine from a cupboard and have installed 4.6 on it...

OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD-K6(tm) 3D processor ("AuthenticAMD" 586-class) 502 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX
real mem = 532180992 (507MB)
avail mem = 505774080 (482MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/15/95, BIOS32 rev. 0 @ 0xfdb60, SMBIOS rev. 2.1 @ 0xf5e60 (26 entries)
bios0: vendor American Megatrends Inc. version "062601" date 07/15/97
bios0: M599LMR M599LMR
...

Here is the nulld.c code, slightly tweaked for easy enable/disable of setuid().

usage: nulld [numeric-uid-to-set]

Please note that this is not how I would write a setuid daemon server; it's strictly meant for testing behaviour of core dumps with respect to setuid().

---
#include <stdio.h>	/* printf() */
#include <stdlib.h>	/* strtol(), daemon() on OpenBSD */
#include <string.h>
#include <unistd.h>	/* chdir(), getuid(), geteuid(), setuid(), sleep() */

int
main(int argc, char **argv)
{
	/* Detach, but keep the current directory and stdio open. */
	(void) daemon(1,1);
	/* Core files are written to the working directory. */
	(void) chdir("/tmp");

	/* Optional argument: numeric uid to switch to. */
	if (1 < argc) {
		printf("before uid=%d euid=%d\n", (int) getuid(), (int) geteuid());
		(void) setuid(strtol(argv[1], NULL, 10));
		printf("after uid=%d euid=%d\n", (int) getuid(), (int) geteuid());
	}

	/* Idle until killed, e.g. with pkill -ABRT nulld. */
	for (;;)
		sleep(60);

	/* NOTREACHED */

	return 0;
}
---

Three tests, assumes logged in as root, assumes ulimit -c unlimited:

1. No setuid(), assert kern.nosuidcoredump=1; core dump in /tmp as expected. No argument.

r...@pizza:# rm /tmp/*core /var/crash/*core
rm: /tmp/*core: No such file or directory
rm: /var/crash/*core: No such file or directory
r...@pizza:# sysctl kern.nosuidcoredump=1
kern.nosuidcoredump: 1 -> 1
r...@pizza:# ./nulld
r...@pizza:# pkill -ABRT nulld
r...@pizza:# ls /tmp /var/crash
/tmp:
.ICE-unix/ .X11-unix/ nulld.core

/var/crash:
minfree
r...@pizza:#

2. setuid(1), nosuidcoredump=0; no core dump in /tmp; there is a problem in OpenBSD 4.6, though given Theo's earlier comments this appears to be policy, which I can accept if it's documented in core(5) and/or setuid(2) man pages.

r...@pizza:# rm /tmp/*core /var/crash/*core
rm: /var/crash/*core: No such file or directory
r...@pizza:# sysctl kern.nosuidcoredump=0
kern.nosuidcoredump: 1 -> 0
r...@pizza:# ./nulld 1
r...@pizza:# before uid=0 euid=0
after uid=1 euid=1
r...@pizza:# pkill -ABRT nulld
r...@pizza:# ls /tmp /var/crash
/tmp:
.ICE-unix/ .X11-unix/

/var/crash:
minfree
r...@pizza:#

3. setuid(1), nosuidcoredump=2; core dump in /var/crash; no problem with OpenBSD 4.6.

r...@pizza:# rm /tmp/*core /var/crash/*core
rm: /tmp/*core: No such file or directory
rm: /var/crash/*core: No such file or directory
r...@pizza:# sysctl kern.nosuidcoredump=2
kern.nosuidcoredump: 0 -> 2
r...@pizza:# ./nulld 1
r...@pizza:# before uid=0 euid=0
after uid=1 euid=1
r...@pizza:# pkill -ABRT nulld
r...@pizza:# ls /tmp /var/crash
/tmp:
.ICE-unix/ .X11-unix/

/var/crash:
minfree nulld.core
r...@pizza:#

--
Anthony C Howe            Skype: SirWumpus                  SnertSoft
+33 6 11 89 73 78       Twitter: SirWumpus      BarricadeMX & Milters
http://snert.com/      http://nanozen.info/     http://snertsoft.com/