commit: 969d655f57bd604fd6df183d94f41d2d5bc7a122
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Fri, 30 May 2025 21:11:20 +0200
init
Diffstat:
3 files changed, 111 insertions(+), 0 deletions(-)
diff --git a/LICENSES/MIT.txt b/LICENSES/MIT.txt
@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,27 @@
+# basic-core-handler
+
+To install dump it into a root-controlled directory where executables can be launched,
+say `/usr/local/bin/` and set it as the coredump handler via the `kernel.core_pattern` setting in `/etc/sysctl.conf` like so:
+```
+kernel.core_pattern = |/usr/local/bin/core-handler %P %u %g %s %t %c %e %E
+```
+
+It will then create the following files in `/var/crash`, prefixed by the crash timestamp, pid, uid, command:
+ * `*.core`: Coredump, as given by kernel on stdin
+ * `*.info`: Textual dump of information given by kernel as arguments
+ * `*.backtrace.txt`: lldb(1) generated coredump information, mainly the backtrace but also some other related information
+
+## Dependencies
+ * POSIX Shell & Utilities
+ * applyuidgid(1) provider, such as daemontools, daemontools-encore or s6
+ * lldb(1) from LLVM
+
+## Security
+ * `/var/crash` is verified to be root-controlled before creating any files in it
+ * No information about the process is extracted from `/proc` or equivalent (hardening against attacker killing the crashed process)
+
+---
+```
+Copyright © 2024 Haelwenn (lanodan) Monnier <contact+core-handler@hacktivis.me>
+SPDX-License-Identifier: MIT
+```
diff --git a/core-handler b/core-handler
@@ -0,0 +1,66 @@
+#!/bin/sh
+# Copyright © 2024 Haelwenn (lanodan) Monnier <contact+core-handler@hacktivis.me>
+# SPDX-License-Identifier: MIT
+
+applyuidgid=$(command -v applyuidgid 2>/dev/null || echo s6-applyuidgid)
+
+# kernel.core_pattern = |/usr/local/bin/core-handler %P %u %g %s %t %c %e %E
+grep -q "$0"' %P %u %g %s %t %c %e %E$' /proc/sys/kernel/core_pattern || exit 1
+
+pid="$1"; shift
+uid="$1"; shift
+gid="$1"; shift
+signum="$1"; shift
+epoch="$1"; shift
+core_limit="$1"; shift
+comm="$1"; shift
+full_path="$1"; shift
+
+destdir="/var/crash/"
+dest="${destdir}/${epoch}-${pid}-${uid}-${comm}"
+
+umask u=r,og=
+
+# Using this script, /var/crash should be "0755/drwxr-xr-x root root"
+# Let's make sure it both exists and is safe before writing anything
+mkdir -m 0755 -p "${destdir}"
+chown 0:0 "${destdir}"
+chmod 0755 "${destdir}"
+
+cat - >"${dest}.core"
+chown -- "${uid}:${gid}" "${dest}.core"
+sync -d "${dest}.core"
+
+{
+ printf 'pid: %s\n' "$pid"
+ printf 'uid: %s\n' "$uid"
+ printf 'gid: %s\n' "$gid"
+ printf 'signum: %s\n' "$signum"
+ printf 'epoch: %s\n' "$epoch"
+ printf 'core_limit: %s\n' "$core_limit"
+ printf 'comm: %s\n' "$comm"
+ printf 'full_path: %s\n' "${full_path}" | tr '!' '/'
+} > "${dest}.info"
+chown -- "${uid}:${gid}" "${dest}.info"
+sync -d "${dest}.info"
+
+# Extract the following from a coredump with LLDB:
+# - backtrace, all threads
+# - current frame for readability
+# - global and frame-local variables
+# - registers
+# - dissasembly of current frame (with mixed source code when available)
+nice -n 20 -- "${applyuidgid?}" -u "$uid" -g "$gid" -G '' lldb \
+ --core "${dest}.core" \
+ -b \
+ -o 'bt all' \
+ -o 'f' \
+ -o 'v -A -g -P2 -c -s' \
+ -o 'register read' \
+ -o 'di -m' \
+ -o 'quit' \
+ >"${dest}.backtrace.txt" 2>&1
+# -o "session save \"${dest}.backtrace.txt\""
+
+chown -- "${uid}:${gid}" "${dest}.backtrace.txt"
+sync -d "${dest}.backtrace.txt"
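Review bot: `core_limit` (L72) is only echoed into the `.info` file at L97 and never enforced, so a process whose RLIMIT_CORE is 0, or far below its memory footprint, still has its whole dump written to `/var/crash` by root at L87; since the kernel does not apply RLIMIT_CORE to piped dumps (which is why `%c` is handed to the helper), this both ignores the user's `ulimit -c` and lets any local user fill the root filesystem by repeatedly crashing a large process. The rewrite below exits early on a limit of 0 and caps the stored core with `head -c` otherwise (`head -c` is not in POSIX despite the README's dependency claim; `dd` would be the strictly portable form). The `mkdir`/`chown`/`chmod` at L83-L85 are unchecked and the script never sets `-e`, so a failed `chown 0:0` still falls through to the writes, contrary to the README's "verified to be root-controlled" claim; `set -eu` after the shebang, or `|| exit 1` on those three lines, closes that gap. The lldb run at L110 parses an attacker-supplied core and executable under the crashing user's uid with nothing but `nice` bounding it, so a `ulimit -t`/`-v` before the call (and lldb's `--no-lldbinit`) would keep a crafted dump from pinning the handler indefinitely. `comm` (L73) is chosen by the crashing process, so if the kernel passes it unescaped a name containing a newline could forge extra `key: value` lines in `.info` via the `%s` at L98 — worth confirming and, if so, escaping with `%q`-style quoting or filtering to printable characters.
```shell
# … unchanged: argument parsing, umask and /var/crash setup …

# RLIMIT_CORE is handed to us as %c because the kernel does not apply it to
# piped dumps; honour it here so `ulimit -c 0` still means "no core on disk".
if [ "$core_limit" = 0 ]; then
	exit 0
fi
# Cap the stored core at the process's own soft limit (head -c is not POSIX;
# use dd if strict portability matters).
head -c "$core_limit" >"${dest}.core"
chown -- "${uid}:${gid}" "${dest}.core"
sync -d "${dest}.core"

# … unchanged: .info file and lldb invocation …
```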