Feature #12437

Consider saving coredumps to a sticky directory

Added by cypherpunks 2017-04-08 06:20:17 . Updated 2017-10-03 17:25:17 .

Target version:
Start date:
Due date:
% Done:


Feature Branch:
Type of work:

Affected tool:
Deliverable for:


Currently, Tails does not save coredumps due to PAM restricting resource limits (RLIMIT_CORE is set to 0). This means that both benign bugs, and exploit attempts that trigger a variety of failures will be very difficult to analyze. Segfaults and assertions for example are often triggered upon failed exploit attempts and exploits which require multiple tries to succeed. I propose Tails enable coredumps and log them to a unified directory to make it easier for the more tech-savvy individuals to limit the lifetime of exploits used against Tails users.

The simplest way to do that on a regular Linux system would be through these commands:

# Enable coredumps and limit their maximum size using PAM
echo "* - core 32768" >> /etc/security/limits.conf

# Create a sticky directory to store the core files
mkdir -m 1777 /var/coredumps

# Don't let the coredump directory take up too much space
echo "tmpfs /var/coredumps tmpfs nodev,nosuid,noexec,size=256M 0 0" >> /etc/fstab

# Save all coredumps to the new directory, and give them unique names (example format)
echo "kernel.core_pattern = /var/coredumps/%e.%P" >> /etc/sysctl.d/coredumps.conf

# Dumping setuid binaries is safe, because the directory is sticky
echo "fs.suid_dumpable = 1" >> /etc/sysctl.d/coredumps.conf

# A reboot is the easiest way for all of this to take effect
shutdown -r now

Note that this can also be accomplished with systemd-coredump (not installed by default on Tails), which configures the kernel.core_pattern sysctl to pipe all coredumps to that program, which them processes them and logs them to systemd’s ugly binary journal. I’m not suggesting it primarily because I know nothing about it.

Please consider enabling coredumps on Tails. It will help dissuade attackers from attempting to use valuable exploits against Tails users, and will make attacks in general easier to catch and analyze.



#1 Updated by emmapeel 2017-05-25 09:10:55

  • Type of work changed from Code to Discuss

I have added this ticket to the contributors meeting agenda.

Please share your thoughts here beforehand so we can take an informed decision.

#2 Updated by Anonymous 2017-06-27 09:04:28

  • Assignee set to intrigeri
  • Type of work changed from Discuss to Research

Tentaively assigning to foundations team for testing/researching and providing some technical input on this request.

#3 Updated by intrigeri 2017-06-27 12:47:33

  • Assignee deleted (intrigeri)
  • Type of work changed from Research to Discuss

Sorry, I have no technical insight about this. Let’s discuss at the meeting if we find the benefits worth the memory cost.

#4 Updated by intrigeri 2017-09-01 12:49:11

  • Subject changed from Save coredumps to a sticky directory to Consider saving coredumps to a sticky directory
  • Status changed from New to Confirmed

#5 Updated by segfault 2017-09-06 17:51:25

  • Assignee set to segfault
  • Priority changed from Normal to Low

#6 Updated by intrigeri 2017-10-03 17:25:17

  • Type of work changed from Discuss to Research