如何从 setcap 可执行文件获取核心转储?
为了防止特权数据逃逸,Linux 上的 setcap 可执行文件不会转储核心:
ijw@build$ cat > test.c
main() { abort(); }
ijw@build$ gcc test.c
test.c: In function ‘main’:
test.c:1: warning: incompatible implicit declaration of built-in function ‘abort’
ijw@build$ ./a.out
Aborted (core dumped)
ijw@build$ sudo setcap "cap_net_admin=+ep" a.out
ijw@build$ ./a.out
Aborted
当您正在调试并且确实想要查看核心文件时,有什么方法可以启用它吗?
To prevent the escape of privileged data, setcap executables on Linux don't dump core:
ijw@build$ cat > test.c
main() { abort(); }
ijw@build$ gcc test.c
test.c: In function ‘main’:
test.c:1: warning: incompatible implicit declaration of built-in function ‘abort’
ijw@build$ ./a.out
Aborted (core dumped)
ijw@build$ sudo setcap "cap_net_admin=+ep" a.out
ijw@build$ ./a.out
Aborted
Is there any way to enable it when you're debugging and actually want to see the core file?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过更多研究后我有两个答案。
您可以完全更改系统行为。除了单用户开发机器之外,这并不真正适合,但它确实有效:
经过测试,有效。
您可以通过调用其中的 prctl() 来更改特定程序的行为:
这样,特权程序自行决定它应该是可转储的,并且整个系统不受影响。
我没有尝试过这个。
I have two answers after more research.
You can change the system behaviour in its entirety. This isn't really suitable beyond a one user development machine but it does the trick:
Tested, works.
You can change the behaviour of the specific program by calling prctl() in it:
In this way, the privileged program determines for itself that it should be dumpable, and the system as a whole is not affected.
I've not tried this one.