[PATCH] Set PR_SET_DUMPABLE before switching uid to allow core dumps.

Thomas Liske liske at ibh.de
Fri Jan 13 15:21:36 CET 2023


Signed-off-by: Thomas Liske <liske at ibh.de>
---

This patch sets the PR_SET_DUMPABLE capability before switching
to an unprivileged user to allow core dumps (see also the paragraph
about set-user-ID in `man 5 core`).

Background: While debugging bird on Alpine we wondered why it was
not possible to get a core dump when bird runs under an unprivileged
user.

Original Alpine Issue:
https://gitlab.alpinelinux.org/alpine/aports/-/issues/14408


 sysdep/linux/syspriv.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sysdep/linux/syspriv.h b/sysdep/linux/syspriv.h
index 8b210f06..efb1fff0 100644
--- a/sysdep/linux/syspriv.h
+++ b/sysdep/linux/syspriv.h
@@ -73,6 +73,10 @@ drop_uid(uid_t uid)
   if (prctl(PR_SET_KEEPCAPS, 1) < 0)
     die("prctl: %m");
 
+  /* allow core dumps after dropping root ID */
+  if (prctl(PR_SET_DUMPABLE, 1) < 0)
+    die("prctl: %m");
+
   /* completely switch to the unprivileged user ID */
   if (setresuid(uid, uid, uid) < 0)
     die("setresuid: %m");
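
Review bot: the new prctl(PR_SET_DUMPABLE, 1) call is placed before setresuid(uid, uid, uid), but according to prctl(2) the kernel resets the dumpable attribute to the value of /proc/sys/fs/suid_dumpable (0 by default) whenever the process's effective user ID changes, so the value set here would be overwritten by the setresuid() call that follows. Suggest moving the added block to after the setresuid() check and adjusting the comment to match. Two smaller points: the die("prctl: %m") message is identical to the one for PR_SET_KEEPCAPS just above, so a failure would not say which prctl failed, and the comment could mention that a dumpable process can be ptrace-attached by other processes running under the same uid and that its core file will contain whatever was loaded into memory while still root.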
-- 
2.30.2


