It's definitely a problem with calling setuid() and then not re-invoking 
PR_SET_DUMPABLE. I think it must have been broken for a long time as the 
version before using POSIX capabilities didn't call setuid until after invoking 
PR_SET_DUMPABLE. I put some extra debugging output in and verified that after 
calling change_uid_gid the PR_SET_DUMPABLE flag was off (core dumps disabled). 
I put a check into the original call in set_core_size to validate and that did 
not trigger, indicating that the value was set at that point.

I made a patch that I am testing that sets a flag if the core file size is 
non-zero and calls PR_SET_DUMPABLE after calling change_uid_gid() if that flag 
is set. At that point I could generate core dumps.

Thanks for the note, Rayson; it set me on the right path.
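The pattern the message describes (record whether a core file is wanted, drop uid/gid, then re-assert the dumpable flag) as an added example in C. This is not the project's code: `set_core_limit` and `change_uid_gid_keep_dumpable` are placeholder names standing in for the post's `set_core_size()` and `change_uid_gid()`, and the order of calls is the one the message arrives at, not a quote of the patch itself.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper names; they model the post's set_core_size() and
 * change_uid_gid(), not the project's actual functions. */

/* Raise the soft core-file limit to `wanted`, capped at the hard limit.
 * Returns 1 if the resulting soft limit is non-zero (cores possible),
 * 0 if it is zero, -1 if getrlimit/setrlimit fail. */
static int set_core_limit(rlim_t wanted)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    rl.rlim_cur = (wanted > rl.rlim_max) ? rl.rlim_max : wanted;
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return rl.rlim_cur != 0;
}

/* Read the current dumpable flag via prctl: 1 = dumps enabled,
 * 0 = disabled, 2 = "suidsafe" (root-only dumps). -1 on error. */
static int dumpable_state(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Drop to uid/gid and, if cores were requested, re-enable dumping
 * AFTER the credential change. The kernel resets the dumpable flag
 * whenever a uid/gid change makes the process "set-uid like", so a
 * PR_SET_DUMPABLE issued before setuid()/setgid() is silently lost;
 * that is the bug the message diagnoses. Returns the final dumpable
 * state, or -1 if any call fails. */
static int change_uid_gid_keep_dumpable(uid_t uid, gid_t gid, int want_core)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (want_core && prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
        return -1;
    return dumpable_state();
}

int main(void)
{
    /* Mirror the post: remember whether a non-zero core size was set,
     * then carry that decision across the uid/gid change. */
    int want_core = set_core_limit(RLIM_INFINITY) == 1;
    printf("dumpable before uid/gid change: %d\n", dumpable_state());
    int after = change_uid_gid_keep_dumpable(getuid(), getgid(), want_core);
    printf("dumpable after uid/gid change:  %d\n", after);
    return after < 0;
}
```

Run as an ordinary user the uid/gid "change" is a no-op and the flag is left alone; run from root (or across any real uid change) the `PR_GET_DUMPABLE` read after `setuid()` is what shows the flag being cleared, and the trailing `PR_SET_DUMPABLE` is what restores it. Note that the same flag also governs whether the process can be ptraced by its new uid and the ownership of its `/proc/<pid>` entries, so re-enabling it after dropping privileges should be tied to the core-size decision, as the patch does, rather than done unconditionally.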
