LKML Archive on lore.kernel.org
* Re: [Fwd: [PATCH 4/4] coredump: documentation for proc and sysctl]
       [not found] <45BA0E41.2080204@hitachi.com>
@ 2007-01-26 16:58 ` Pavel Machek
  2007-01-30  7:40   ` Kawai, Hidehiro
  0 siblings, 1 reply; 2+ messages in thread
From: Pavel Machek @ 2007-01-26 16:58 UTC (permalink / raw)
  To: Kawai, Hidehiro; +Cc: kernel list, Andrew Morton

Hi!


> This patch adds the documentation for the following parameters:
>   /proc/<pid>/core_flags
>   /proc/sys/kernel/core_flags_enable

Sysctl seems really strange to me. Either the feature is safe to use,
or it is not. Users can already ulimit -c 0, and we do not have
"/proc/sys/kernel/allow_users_to_disable_their_core_dumps".

Plus, this is pretty analogical to ulimit -c, so I believe it should
be implemented like that one. You'll need less locking that way.

> +2.14 /proc/<pid>/core_flags - Core dump control flags
> +---------------------------------------------------------------------
> +When a process is dumped, all anonymous memory is written to a core file as
> +long as the size of the core file isn't limited. But sometimes we don't want
> +to dump some memory segments, for example, huge shared memory.
> +
> +The /proc/<pid>/core_flags file enables you to omit some anonymous memory from
> +a core file when it is generated. The content of the proc file is bitmask of
> +memory segment types you don't want to dump. When the <pid> process is dumped,
> +the core dump routine decides whether a given memory segment should be dumped
> +into a core file or not, based on the type of the memory segment and bitmask.
> +
> +Currently, only valid bit is bit 0. If bit 0 is set, anonymous `shared' memory
> +segments are not dumped. There are three types of anonymous shared memory:
> +
> +  - IPC shared memory
> +  - the memory segments created by mmap(2) with MAP_ANONYMOUS and MAP_SHARED
> +    flags
> +  - the memory segments created by mmap(2) with MAP_SHARED flag, and the
> +    mapped file has already been unlinked
> +
> +Because current core dump routine doesn't distinguish these segments, you can
> +only choose either dumping all anonymous shared memory segments or not.
> +
> +If you don't want to dump all shared memory segments attached to pid 1234, set
> +the bit 0 of the process's core_flags to 1:
> +
> +  $ echo 1 > /proc/1234/core_flags
> +
> +Additionally, you can check its hexadecimal value by reading the file:
> +
> +  $ cat /proc/1234/core_flags
> +  00000001
> +
> +When a new process is created, the process inherits the core_flags setting
> +from its parent. It is useful to set the core_flags before the program runs.
> +For example:
> +
> +  $ echo 1 > /proc/self/core_flags
> +  $ ./some_program
> +
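
Review bot: The section does not say who may write /proc/<pid>/core_flags or how a written value is interpreted, and that matters here because setting bit 0 removes memory from a core file that someone other than the process owner may want to inspect. In the paragraph beginning "The /proc/<pid>/core_flags file enables you to omit", state the write permission on the file and what happens when a bit other than bit 0 is written. The write example uses "echo 1" while the read example shows "00000001", so the text should also say which base a written value is parsed in. The inheritance paragraph says the setting is inherited "when a new process is created"; since the "echo 1 > /proc/self/core_flags" followed by "./some_program" example relies on the value still being set in the program that is run, say explicitly whether it is kept across exec.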

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4/4] coredump: documentation for proc and sysctl]
  2007-01-26 16:58 ` [Fwd: [PATCH 4/4] coredump: documentation for proc and sysctl] Pavel Machek
@ 2007-01-30  7:40   ` Kawai, Hidehiro
  0 siblings, 0 replies; 2+ messages in thread
From: Kawai, Hidehiro @ 2007-01-30  7:40 UTC (permalink / raw)
  To: Pavel Machek, Andrew Morton
  Cc: kernel list, sugita, Masami Hiramatsu, Satoshi OSHIMA, Hideo AOKI@redhat

Hi Pavel and Andrew,

Pavel Machek wrote:
>>This patch adds the documentation for the following parameters:
>>  /proc/<pid>/core_flags
>>  /proc/sys/kernel/core_flags_enable
> 
> Sysctl seems really strange to me. Either the feature is safe to use,
> or it is not. Users can already ulimit -c 0, and we do not have
> "/proc/sys/kernel/allow_users_to_disable_their_core_dumps".

Oh, I had forgotten that.  Thank you for pointing out.  The purpose of
this sysctl is to prevent a bad process from hiding its memory.
But as you say, this sysctl isn't enough for the purpose.

Andrew wrote:
> Does this feature have any security implications?  For example, there might
> be system administration programs which force a coredump on a "bad"
> process, and leave the core somewhere for the administrator to look at. 

I have never heard of the story that ulimit -c 0 bothered an
administrator who wanted to force a coredump.  So even without this
sysctl, the administrator wouldn't bother about security concerns.
I'll drop it from the next version.

Thanks,
-- 
Hidehiro Kawai
Hitachi, Ltd., Systems Development Laboratory


