Re: kernel panic

[Marcus Watts <mdw_(_at_)_umich_(_dot_)_edu>]

Stefan Berg <stefan_(_at_)_duh_(_dot_)_n0ll_(_dot_)_com> writes:
> Date: Fri, 20 Sep 2002 10:58:43 +0300
> From: Stefan Berg <stefan_(_at_)_duh_(_dot_)_n0ll_(_dot_)_com>
> To: misc_(_at_)_openbsd_(_dot_)_org
> Subject: Re: kernel panic
> Message-ID: <20020920075843_(_dot_)_GA30127_(_at_)_duh_(_dot_)_n0ll_(_dot_)_com>
> 
> On Tue, Sep 17, 2002 at 02:07:23PM +0300, Stefan Berg wrote:
> > My workstation sometimes crashes. I have set ddb.panic to 0 to not hang
> > in X when the kernel panics and not be forced to hard reset the machine.
> > When it reboots after the crash there is no dump for savecore. What is
> > the way to make sure the system dumps a core file when panicing while in
> > X?
> 
> For the archives: I had vm.swapencrypt.enable = 1, which probably is why
> I haven't been getting any core dumps (or savecore hasn't been able to
> read them?). 
> 
> Stefan
> 
> 

"savecore" won't get a core dump of X.  It will get a core dump
of the whole system, which is not at all the same thing.

X is most likely SUID root.  For security reasons, SUID applications
don't normally leave core files behind.  If you want to deliberately
get a core dump, you'll need to find a way that the server need not be
SUID root.  The simplest approach may be to log in as root, run a
non-SUID copy of X, then try to do the things that would normally crash
the machine.  This does create more unfortunate security issues.
"limit coredumpsize" limits how big core files can be.  It probably
defaults to "unlimited", but you may want to check this.  xdm may run X
as root, and not give the Xserver to the user, so that may be another
viable plan.

There is probably no point in encrypting swap if the security exposure
inherent in core files, especially system core dumps, doesn't bother you.

				-Marcus Watts