Working with Core Dumps

A core dump is a file that's produced when a process malfunctions and ends prematurely. The core dump contains an image of the process's memory. You can use a core dump to debug problems and inspect the state of the program when it ended. You can produce core dumps on demand, or they can be created automatically on termination.

The core file, also referred to as core, is created in the current working directory. Note that writing the core file fails if the directory in which it's to be created is read-only, or if a file with the same name already exists in that location and that file is read-only or isn't a regular file.

Core dumps can contain information that an attacker could exploit. Core dumps can also take up a lot of disk space. Therefore Oracle Linux, by default, disables the core dump function. It does so by limiting the maximum size of a core dump file to 0. You can find the current core size for a system using the following ulimit command. For example, this command shows that the ulimit size for the current terminal user session is set to the default 0 value:

ulimit -c
0

If you experience problems with an application running in the current terminal session, you can enable core dumps for the session by changing the ulimit -c value to any integer number larger than 0. For example:

ulimit -c 1000

To make changes persist between reboots, you can set limits that restrict access to core dumps for specific users or groups. See the limits.conf(5) manual page for details.

By default, the system prevents setuid and setgid programs, programs that have changed credentials, and programs containing binaries that don't have read permission from dumping core. To ensure that this setting is still disabled, run the following command:

sysctl fs.suid_dumpable

A value of fs.suid_dumpable = 0 indicates that the setting is still disabled.

Note:

Enabling dump files for these programs isn't recommended. If, for some reason, you need to enable dump files for these programs, you can do so by setting the fs.suid_dumpable value to 1 or 2. A value of 1 creates core dumps that are readable by the owner of the dumping process. A value of 2 creates core dumps that are only readable by root for debugging purposes.
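
The following script is an added example, not part of the original documentation. It lists entries in limits.conf(5) format that allow a non-zero core size and reports the session limit and the fs.suid_dumpable value. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the core dump settings described on this page.
# Function names and the sample entries are constructed for illustration.

# Constructed sample in limits.conf(5) format: <domain> <type> <item> <value>
sample_limits() {
    cat <<'EOF'
# core dump limits (sizes in KB)
*        hard  core    0
@devs    soft  core    1000       # debugging group
appuser  -     core    unlimited
*        soft  nofile  4096
EOF
}

# Print each entry that allows a non-zero core size. Reads the named files,
# or standard input when no file is given.
core_limit_findings() {
    awk '
        { sub(/#.*/, "") }    # drop comments before splitting fields
        NF == 4 && $3 == "core" && $4 != "0" {
            printf "%s %s core=%s\n", $1, $2, $4
        }
    ' "$@"
}

# Map an fs.suid_dumpable value to the meaning given in the text above.
classify_suid_dumpable() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "enabled-owner-readable" ;;
        2) echo "enabled-root-only" ;;
        *) echo "unknown" ;;
    esac
}

# Report the live values for the current session and kernel.
audit_live() {
    echo "session core limit: $(ulimit -c)"
    val=$(sysctl -n fs.suid_dumpable 2>/dev/null || echo "?")
    echo "fs.suid_dumpable=$val ($(classify_suid_dumpable "$val"))"
}

sample_limits | core_limit_findings
audit_live
```

To check a real system, pass the limits files to core_limit_findings instead of the constructed sample, for example /etc/security/limits.conf.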

For more information about temporarily enabling core dumps to troubleshoot a malfunctioning system, see Oracle Linux 8: Monitoring and Tuning the System.