Hi guys.

Is there a way of setting Slackware up so that core dumps don't happen?

By default, Slackware appears to not do core dumps. But any user can do
"ulimit -c unlimited" and turn core dumps on. I want to prevent that.

If I create /etc/limits.conf and set

* C0

that doesn't work. Any user can over-ride it with ulimit and get core
dumps again. Is there any way of absolutely preventing users from
getting core dumps?

* Sad Expat <expat@expatsrus.org> writes:

> By default, Slackware appears to not do core dumps. But any user
> can do "ulimit -c unlimited" and turn core dumps on. I want to
> prevent that.

Why? Core dump files don't hurt anything ('cept a little HD space).
Consider too, that a user who turns on core files is more than likely
a user that has a use for them.


--
|---<Steve Youngs>---------------<GnuPG KeyID: A94B3003>---|
| Genius - Is the ability to reduce |
| the complicated to the simple |
|----------------------------------<steve@youngs.au.com>---|

On Mon, 24 Oct 2005 21:50:02 +0000, Steve Youngs wrote:

> * Sad Expat <expat@expatsrus.org> writes:
>
> > By default, Slackware appears to not do core dumps. But any user can
> > do "ulimit -c unlimited" and turn core dumps on. I want to prevent
> > that.
>
> Why? Core dump files don't hurt anything ('cept a little HD space).
> Consider too, that a user who turns on core files is more than likely a
> user that has a use for them.

If you don't know the answer to the OP's question, why don't you just
refrain from posting a personal opinion? The OP probably has his reasons
to proceed that way, regardless of your opinion on the issue.

To the OP: Perhaps this link

http://www.bigbold.com/snippets/posts/show/82

will be of use to you.

* Felix Rawlings <fraw@yahoo.com> writes:

> On Mon, 24 Oct 2005 21:50:02 +0000, Steve Youngs wrote:
>> * Sad Expat <expat@expatsrus.org> writes:
>>
>> > By default, Slackware appears to not do core dumps. But any user can
>> > do "ulimit -c unlimited" and turn core dumps on. I want to prevent
>> > that.
>>
>> Why? Core dump files don't hurt anything ('cept a little HD space).
>> Consider too, that a user who turns on core files is more than likely a
>> user that has a use for them.

> If you don't know the answer to the OP's question,

Don't jump to conclusions...

`ulimit -Hc 0' in the system-wide shell start up scripts
(/etc/profile, for example).

It sets a "hard" limit that the user won't be able to unset.

--
|---<Steve Youngs>---------------<GnuPG KeyID: A94B3003>---|
| Genius - Is the ability to reduce |
| the complicated to the simple |
|----------------------------------<steve@youngs.au.com>---|

Thanks guys.

You've given me the answer.

/etc/profile gets 'ulimit -Hc 0'
and
/etc/csh.login gets 'limit -h coredumpsize 0'

That gives me exactly what I want, and covers all the shells installed
with Slackware.

Every time I've come in here to the Slackware newsgroup with a question,
you guys have given me the answer. Thanks. I appreciate the help.

* Sad Expat <expat@expatsrus.org> writes:

> /etc/profile gets 'ulimit -Hc 0'

> That gives me exactly what I want

I _have_ to know, it's driving me nuts... why do you want this?

--
|---<Steve Youngs>---------------<GnuPG KeyID: A94B3003>---|
| Genius - Is the ability to reduce |
| the complicated to the simple |
|----------------------------------<steve@youngs.au.com>---|

On Mon, 24 Oct 2005 20:38:13 +0000, Sad Expat wrote:

> Hi guys.
>
> Is there a way of setting Slackware up so that core dumps don't happen?
>
> By default, Slackware appears to not do core dumps. But any user can do
> "ulimit -c unlimited" and turn core dumps on. I want to prevent that.
>
> If I create /etc/limits.conf and set
>
> * C0
>
> that doesn't work. Any user can over-ride it with ulimit and get core
> dumps again. Is there any way of absolutely preventing users from getting
> core dumps?

Put
ulimit -c 0
into /etc/profile

JB

Sad Expat wrote:
> Thanks guys.
>
> You've given me the answer.
>
> /etc/profile gets 'ulimit -Hc 0'
> and
> /etc/csh.login gets 'limit -h coredumpsize 0'
>
> That gives me exactly what I want, and covers all the shells installed
> with Slackware.

A user can always start a shell manually, disbling the reading of the
startup files:

bash --noprofile

He can also unset all the environment variables by the launching bash
with the env -u command. Even if you install some shell that would allow
to totally disabling core dumps, the user could always install his own
(maybe statically compiled) bash in his home directory and reenabled it.
I think the answer to your question is "no".

As other have said, I do not see the rationale about this. The core
dumps contains only the memory of the user process and bot the memory of
processes belonging to other users, so there is no security hole if that
is what you fear.

Olive

On 2005-10-25, Steve Youngs <steve@youngs.au.com> wrote:
> > /etc/profile gets 'ulimit -Hc 0'
> > That gives me exactly what I want
>
> I _have_ to know, it's driving me nuts... why do you want this?

I am a paranoid and suspicious administrator who wants to control my
users completely. On the other hand I am my only user.

In my current project, some of the code I've been writing has been
consuming huge amounts of memory before coredumping, and after a few of
these, the filesystem is full and I have problems clearing it. I'll have
my bugs worked out soon, both consuming too much memory and coredumping,
and then the problem will be over. But I was looking at ways of
controlling this, and I was exploring ways of limiting my memory with
ulimit and limit, and then found the coredump controls, and then
intellectual curiosity took over me and I started wondering how would it
be possible to lock a system down so a user could be really controlled.

Now I've seen how it can be controlled to a large degree, but I've just
seen in another message how it can be bypassed by starting a shell that
doesn't read from /etc/profile or /etc/csh.logins.

So the limit/ulimit controls can be applied as a starting point, but not
as an absolute starting point. Ordinary users will live within those
restrictions, but curious users who don't like restrictions can bypass
the controls. Which means that there's no point applying the
limit/ulimit, and I may as well stay with the default Slackware settings
of no coredumps. Savvy users will turn them on when they need to do
their work, and everyone else won't even notice it.

But now I've learnt something new and I understand the system just a
little bit better, and I marvel at how vast and complicated a modern
Unix system is and how much fun it is to work with.

Thanks for your help on this.

On Tue, 25 Oct 2005 01:10:01 +0000, Steve Youngs wrote:

> * Felix Rawlings <fraw@yahoo.com> writes:
>
> > On Mon, 24 Oct 2005 21:50:02 +0000, Steve Youngs wrote:
> >> * Sad Expat <expat@expatsrus.org> writes:
> >>
> >> > By default, Slackware appears to not do core dumps. But any user
> >> > can do "ulimit -c unlimited" and turn core dumps on. I want to
> >> > prevent that.
> >>
> >> Why? Core dump files don't hurt anything ('cept a little HD space).
> >> Consider too, that a user who turns on core files is more than likely
> >> a user that has a use for them.
>
> > If you don't know the answer to the OP's question,
>
> Don't jump to conclusions...
>
> `ulimit -Hc 0' in the system-wide shell start up scripts (/etc/profile,
> for example).
>
> It sets a "hard" limit that the user won't be able to unset.

So, either you knew before, and selfishly kept the info to yourself,
choosing to demand first why, or you did not, and, out of shame, found out
only when spurred to do so.