< Flushing nscd's Cache | Russ Allbery > Technical Notes > Solaris | Swapping Boot Disks > |
Solaris by default (at least in Solaris 8) does not allow setuid processes to core dump for obvious security reasons. Sometimes, though, you have to debug a setuid process and really need a core file at the point that it segfaulted or otherwise exploded. The following technique is based on a post by Casper Dik in comp.unix.solaris.
If you know how the process will terminate (with a SEGV or a bus error, for instance), you can try this:
truss -t \!all -S segv,bus -p <pid> &
as root, where <pid> is the PID of the process that you want to catch a core dump of. Now, when the program crashes with one of the specified signals, it will hang around in a stopped state. You can then do:
gcore <pid>
as root to force the process to dump core. (The gcore
program is
worth knowing about in general; you can use it on Solaris to force a
program to dump core at any arbitrary point, which can be invaluable for
debugging purposes.)
Once you have your core file, you can let the process finish crashing with:
prun <pid>
The program will then finish catching the fatal signal and die.
The above technique can also be used to catch core dumps from processes that have their core dump rlimit set to zero for some reason.
Alternatively, you can also turn on core dumps for all setuid processes by putting:
allow_setid_core = 1
in /etc/system
and rebooting, but this is an insecure configuration
to run in permanently and should be changed back as soon as debugging has
finished.
< Flushing nscd's Cache | Russ Allbery > Technical Notes > Solaris | Swapping Boot Disks > |