www.LinuxHowtos.org
edit this article
Teaser
:
Content
:
==setting the core dump name schema==
Why would you want to change the names of the coredump from the default?
'''Update: this is also a very useful defence against a currently known severe security affecting bug. See [/Security/coredumpvuln.htm Core Dump Handling Vulnerability] for information and workarounds''' Lets assume you got a couple of core dumps files in one directory (e.g. home) and you don't know which program caused it. Unless you have a grsec/pax kernel with logging features enabled, it might get tricky to find out who caused the coredumps. This is the point where the naming scheme comes handy :) The pattern can be read/set via /proc/sys/kernel/core_pattern. To set a new one just do: echo "newpattern" > /proc/sys/kernel/core_pattern you can have variables to make the file named different per executable, pid a.s.o.. max length 64 characters; default value is "core" Here is a small list of possible variables %p: pid %
: '%' is dropped %%: output one '%' %u: uid %g: gid %s: signal number %t: UNIX time of dump %h: hostname %e: executable filename %
: both are dropped If core_pattern does not include "%p" (default does not) and core_uses_pid is set, then .PID will be appended to the filename.example:
echo "core.%e.%p" > /proc/sys/kernel/core_pattern
produces files names
core.
.
to make the changes permanent, add the following line to /etc/sysctl.conf: kernel.core_pattern = core.%e.%p happy core dumping.
Note: The changes you made will be manually reviewed for spam before appearing online. This might take a while.
rate this article:
current rating: average rating: 1.3 (157 votes) (1=very good 6=terrible)
Your rating:
Very good (1)
Good (2)
ok (3)
average (4)
bad (5)
terrible (6)
back