Project

General

Profile

Feature #12437

Consider saving coredumps to a sticky directory

Added by cypherpunks over 2 years ago. Updated almost 2 years ago.

Status:
Confirmed
Priority:
Low
Assignee:
Category:
-
Target version:
-
Start date:
04/08/2017
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:
Starter:
No
Affected tool:

Description

Currently, Tails does not save coredumps due to PAM restricting resource limits (RLIMIT_CORE is set to 0). This means that both benign bugs, and exploit attempts that trigger a variety of failures will be very difficult to analyze. Segfaults and assertions for example are often triggered upon failed exploit attempts and exploits which require multiple tries to succeed. I propose Tails enable coredumps and log them to a unified directory to make it easier for the more tech-savvy individuals to limit the lifetime of exploits used against Tails users.

The simplest way to do that on a regular Linux system would be through these commands:

# Enable coredumps and limit their maximum size using PAM
echo "* - core 32768" >> /etc/security/limits.conf

# Create a sticky directory to store the core files
mkdir -m 1777 /var/coredumps

# Don't let the coredump directory take up too much space
echo "tmpfs /var/coredumps tmpfs nodev,nosuid,noexec,size=256M 0 0" >> /etc/fstab

# Save all coredumps to the new directory, and give them unique names (example format)
echo "kernel.core_pattern = /var/coredumps/%e.%P" >> /etc/sysctl.d/coredumps.conf

# Dumping setuid binaries is safe, because the directory is sticky
echo "fs.suid_dumpable = 1" >> /etc/sysctl.d/coredumps.conf

# A reboot is the easiest way for all of this to take effect
shutdown -r now

Note that this can also be accomplished with systemd-coredump (not installed by default on Tails), which configures the kernel.core_pattern sysctl to pipe all coredumps to that program, which them processes them and logs them to systemd's ugly binary journal. I'm not suggesting it primarily because I know nothing about it.

Please consider enabling coredumps on Tails. It will help dissuade attackers from attempting to use valuable exploits against Tails users, and will make attacks in general easier to catch and analyze.

History

#1 Updated by emmapeel over 2 years ago

  • Type of work changed from Code to Discuss

I have added this ticket to the contributors meeting agenda.

Please share your thoughts here beforehand so we can take an informed decision.

#2 Updated by u about 2 years ago

  • Assignee set to intrigeri
  • Type of work changed from Discuss to Research

Tentaively assigning to foundations team for testing/researching and providing some technical input on this request.

#3 Updated by intrigeri about 2 years ago

  • Assignee deleted (intrigeri)
  • Type of work changed from Research to Discuss

Sorry, I have no technical insight about this. Let's discuss at the meeting if we find the benefits worth the memory cost.

#4 Updated by intrigeri about 2 years ago

  • Subject changed from Save coredumps to a sticky directory to Consider saving coredumps to a sticky directory
  • Status changed from New to Confirmed

#5 Updated by segfault about 2 years ago

  • Assignee set to segfault
  • Priority changed from Normal to Low

#6 Updated by intrigeri almost 2 years ago

  • Type of work changed from Discuss to Research

Also available in: Atom PDF