basic-core-handler

Basic Linux coredump handler to process coredump data right away

git clone https://anongit.hacktivis.me/git/basic-core-handler.git

README.md (1162B)


# basic-core-handler

To install, dump it into a root-controlled directory where executables can be launched, say `/usr/local/bin/`, and set it as the coredump handler via the `kernel.core_pattern` setting in `/etc/sysctl.conf` like so:

```
kernel.core_pattern = |/usr/local/bin/core-handler %P %u %g %s %t %c %e %E
```

It will then create the following files in `/var/crash`, prefixed by the crash timestamp, pid, uid, command:

* `*.core`: Coredump, as given by the kernel on stdin
* `*.info`: Textual dump of the information given by the kernel as arguments
* `*.backtrace.txt`: lldb(1)-generated coredump information, mainly the backtrace but also some other related information

## Dependencies

* POSIX Shell & Utilities
* applyuidgid(1) provider, such as daemontools, daemontools-encore or s6
* lldb(1) from LLVM

## Security

* `/var/crash` is verified to be root-controlled before creating any files in it
* No information about the process is extracted from `/proc` or equivalent (hardening against an attacker killing the crashed process)
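
One way to make the two checks a piped handler like this depends on, written as an added example and not taken from the project's script: confirming the output directory is root-controlled, and building the file name prefix only from the kernel-supplied arguments. The function names `dir_controlled_by` and `crash_prefix`, the dot-separated prefix layout and the `unknown` fallback are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the project's core-handler script.

# dir_controlled_by DIR [UID]: succeed only if DIR is a real directory (not a
# symlink), owned by UID (default 0) and not writable by group or others.
dir_controlled_by() {
	# -d describes DIR itself, -n prints the numeric owner; without a
	# trailing slash a symlink is listed as "l..." rather than followed.
	info=$(ls -ldn -- "$1" 2>/dev/null) || return 1
	read -r mode _links uid _rest <<EOF
$info
EOF
	[ "$uid" = "${2:-0}" ] || return 1
	case $mode in
		d????-??-*) return 0 ;;  # group and other write bits both clear
		*) return 1 ;;
	esac
}

# crash_prefix TIME PID UID COMM: build a file name prefix from the values
# passed for %t %P %u %e. The dot-separated layout is an assumption.
crash_prefix() {
	for n in "$1" "$2" "$3"; do
		case $n in ''|*[!0-9]*) return 1 ;; esac  # must be plain decimal
	done
	# COMM is chosen by the crashing process: keep only a safe byte set.
	comm=$(printf '%s' "$4" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_')
	printf '%s.%s.%s.%s\n' "$1" "$2" "$3" "${comm:-unknown}"
}
```

A handler would call `dir_controlled_by /var/crash || exit 1` before opening any output file; the optional second argument exists only so the check can be exercised without root.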

---

```
Copyright © 2024 Haelwenn (lanodan) Monnier <contact+core-handler@hacktivis.me>
SPDX-License-Identifier: MIT
```