Re: [Devel] openser core dump functionality

[Bogdan-Andrei Iancu]

Henning,

I uploaded the patach on CVS. I guess it was a bit redundant as prctl() 
was called in do_suid() and after it also.

I extended the patch a bit to use prctl() only for linux and to trigger 
it also during daemonizing (because of setsid() ).

As you suggested, this functionality may be controlled via 
disable_core_dump core parameter.

Please test the new version and let me know if it works as good as the 
original one ;).

Thanks and regards,
bogdan

Bogdan-Andrei Iancu wrote:
Hi Henning,

according to man page, prctl is linux specific (or at least is not 
something portable); on the other hands, also according to man, 
disabling the coredump after setuid is also something linux specific :)

so, all this code should be compiled only for linux OS ....I will take 
care of this.

Thanks and regards,
Bogdan

Henning Westerholt wrote:
Am Montag, 19. Februar 2007 16:33 schrieben Sie:
 
Hi Henning,

suuuuree.....I personally had some hard times when I wasn't getting the
core after a crash...
    

Ok, great! :-)

Here's the patch (against cvs)..

It includes the prctl.h header and uses the PR_SET_DUMPABLE syscall. 
This patch has been some time in production for 0.9.5, but i can not 
imagine why this should not work for 1.2.
Perhaps it is sensible to disable this by default for security reasons?

Regards,

Henning
  
------------------------------------------------------------------------

diff -U 3 -dHrN sip-server/daemonize.c openser-cvs/daemonize.c
--- sip-server/daemonize.c    2005-06-13 18:47:26.000000000 +0200
+++ openser-cvs/daemonize.c    2007-02-19 17:16:38.000000000 +0100
@@ -49,6 +49,8 @@
 #include <sys/resource.h> /* setrlimit */
 #include <unistd.h>
 
+#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
+
 #include "daemonize.h"
 #include "globals.h"
 #include "dprint.h"
@@ -217,6 +219,12 @@
             goto error;
         }
     }
+
+    // setuid disables core dumping, reenable it
+    if (prctl(PR_SET_DUMPABLE, 1)) {
+        LOG(L_ERR, "Cannot enable core dumping after setuid\n");
+    }
+
     return 0;
 error:
     return -1;
diff -U 3 -dHrN sip-server/main.c openser-cvs/main.c
--- sip-server/main.c    2007-02-14 08:23:16.000000000 +0100
+++ openser-cvs/main.c    2007-02-19 17:13:33.000000000 +0100
@@ -83,6 +83,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <signal.h>
+#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
 #include <time.h>
 
 #include <sys/ioctl.h>
@@ -675,11 +676,17 @@
             LOG(L_ERR, "Error while creating unix domain sockets\n");
             goto error;
         }
+
         if (do_suid()==-1) goto error; /* try to drop privileges */
         /* process_no now initialized to zero -- increase from now on
            as new processes are forked (while skipping 0 reserved 
for main          */
 
+        //  setuid disables core dumping, reenable it
+        if (prctl(PR_SET_DUMPABLE, 1)) {
+            LOG(L_ERR, "Cannot enable core dumping after setuid\n");
+        }
+
         /* we need another process to act as the timer*/
 #ifdef USE_TCP
         /* if we are using tcp we always need a timer process,
@@ -800,6 +807,11 @@
              * so we open all first*/
         if (do_suid()==-1) goto error; /* try to drop privileges */
 
+            // setuid disables core dumping, reenable it
+            if (prctl(PR_SET_DUMPABLE, 1)) {
+                  LOG(L_ERR, "Cannot enable core dumping after 
setuid\n");
+            }
+
         /* Spawn children listening on unix domain socket if and 
only if
          * the unix domain socket server has not been disabled (i == 
0) */
         if (init_unixsock_children()<0) {
  


_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel



_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel