SUSE Support

Here When You Need Us

How to enable creation of core dumps of segfaulting sudo

This document (000020861) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 All Releases
SUSE Linux Enterprise Server 15 All Releases

Situation

"sudo" crashes with a segmentation fault, but does not generate a core file.

Resolution

Depending on how you want to log core dumps, please refer to TID 7017137 (the systemd way) and TID 3054866 (the traditional way) first. A requisite to dump a SUID program is to set the sysctl fs.suid_dumpable to 2, i.e.:
sysctl -w fs.suid_dumpable=2

This is not sufficient for sudo, though, as by default it temporarily disables core dumps during execution. Immediately before running the program to run, sudo enables it again. To enable core dumps during the execution of sudo, edit the file /etc/sudo.conf (not sudoers) and add the line
Set disable_coredump false

When sudo crashes with this setting, a core dump will be created.

Once you have captured the core dump, either remove the line again or set disable_coredump to true to avoid login credentials from leaking through unnoticed core dumps. Deleting core files of sudo immediately after having them analyzed is strongly recommended.

Cause

The behavior that sudo is not creating core files by default when crashing is intentional, as sudo under most circumstances has user credentials such as passwords or access tokens stored in memory that would be included in the core file.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020861
  • Creation Date: 16-Nov-2022
  • Modified Date:17-Nov-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.