Hi Henning,
according to man page, prctl is linux specific (or at least is not
something portable); on the other hands, also according to man,
disabling the coredump after setuid is also something linux specific :)
so, all this code should be compiled only for linux OS ....I will take
care of this.
Thanks and regards,
Bogdan
Henning Westerholt wrote:
Am Montag, 19. Februar 2007 16:33 schrieben Sie:
Hi Henning,
suuuuree.....I personally had some hard times when I wasn't getting the
core after a crash...
Ok, great! :-)
Here's the patch (against cvs)..
It includes the prctl.h header and uses the PR_SET_DUMPABLE syscall. This
patch has been some time in production for 0.9.5, but i can not imagine why
this should not work for 1.2.
Perhaps it is sensible to disable this by default for security reasons?
Regards,
Henning
------------------------------------------------------------------------
diff -U 3 -dHrN sip-server/daemonize.c openser-cvs/daemonize.c
--- sip-server/daemonize.c 2005-06-13 18:47:26.000000000 +0200
+++ openser-cvs/daemonize.c 2007-02-19 17:16:38.000000000 +0100
@@ -49,6 +49,8 @@
#include <sys/resource.h> /* setrlimit */
#include <unistd.h>
+#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
+
#include "daemonize.h"
#include "globals.h"
#include "dprint.h"
@@ -217,6 +219,12 @@
goto error;
}
}
+
+ // setuid disables core dumping, reenable it
+ if (prctl(PR_SET_DUMPABLE, 1)) {
+ LOG(L_ERR, "Cannot enable core dumping after setuid\n");
+ }
+
return 0;
error:
return -1;
diff -U 3 -dHrN sip-server/main.c openser-cvs/main.c
--- sip-server/main.c 2007-02-14 08:23:16.000000000 +0100
+++ openser-cvs/main.c 2007-02-19 17:13:33.000000000 +0100
@@ -83,6 +83,7 @@
#include <pwd.h>
#include <grp.h>
#include <signal.h>
+#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
#include <time.h>
#include <sys/ioctl.h>
@@ -675,11 +676,17 @@
LOG(L_ERR, "Error while creating unix domain
sockets\n");
goto error;
}
+
if (do_suid()==-1) goto error; /* try to drop privileges */
/* process_no now initialized to zero -- increase from now on
as new processes are forked (while skipping 0 reserved for main
*/
+ // setuid disables core dumping, reenable it
+ if (prctl(PR_SET_DUMPABLE, 1)) {
+ LOG(L_ERR, "Cannot enable core dumping after setuid\n");
+ }
+
/* we need another process to act as the timer*/
#ifdef USE_TCP
/* if we are using tcp we always need a timer process,
@@ -800,6 +807,11 @@
* so we open all first*/
if (do_suid()==-1) goto error; /* try to drop privileges */
+ // setuid disables core dumping, reenable it
+ if (prctl(PR_SET_DUMPABLE, 1)) {
+ LOG(L_ERR, "Cannot enable core dumping after setuid\n");
+ }
+
/* Spawn children listening on unix domain socket if and only if
* the unix domain socket server has not been disabled (i == 0)
*/
if (init_unixsock_children()<0) {
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
