from small one page howto to huge articles all in one place
 

search text in:





Poll
What does your sytem tell when running "ulimit -u"?








poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

197627

userrating:

average rating: 1.7 (102 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

252575

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

141557

userrating:

average rating: 1.4 (42 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion . pdf icon
You are here: System->Tips and Tricks

setting the core dump name schema


Why would you want to change the names of the coredump from the default?


Update: this is also a very useful defence against a currently known severe security affecting bug. See Core Dump Handling Vulnerability for information and workarounds

Lets assume you got a couple of core dumps files in one directory (e.g. home) and you don't know which program caused it.

Unless you have a grsec/pax kernel with logging features enabled, it might get tricky to find out who caused the coredumps.

This is the point where the naming scheme comes handy :)

The pattern can be read/set via /proc/sys/kernel/core_pattern.

To set a new one just do:

echo "newpattern" > /proc/sys/kernel/core_pattern

you can have variables to make the file named different per executable, pid a.s.o..

max length 64 characters; default value is "core"

Here is a small list of possible variables

%p:       pid
%<NUL>: '%' is dropped
%%: output one '%'
%u: uid
%g: gid
%s: signal number
%t: UNIX time of dump
%h: hostname
%e: executable filename
%<OTHER>: both are dropped

If core_pattern does not include "%p" (default does not) and core_uses_pid is set, then .PID will be appended to the filename.

example:
echo "core.%e.%p" > /proc/sys/kernel/core_pattern

produces files names


core.<executable>.<pid>

to make the changes permanent, add the following line to /etc/sysctl.conf:

kernel.core_pattern = core.%e.%p

happy core dumping.


rate this article:
current rating: average rating: 1.3 (157 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back





Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 38.4 ms