[Devel] openser core dump functionality
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Mon Feb 19 18:18:58 CET 2007
Hi Henning,
according to man page, prctl is linux specific (or at least is not
something portable); on the other hands, also according to man,
disabling the coredump after setuid is also something linux specific :)
so, all this code should be compiled only for linux OS ....I will take
care of this.
Thanks and regards,
Bogdan
Henning Westerholt wrote:
> Am Montag, 19. Februar 2007 16:33 schrieben Sie:
>
>> Hi Henning,
>>
>> suuuuree.....I personally had some hard times when I wasn't getting the
>> core after a crash...
>>
>
> Ok, great! :-)
>
> Here's the patch (against cvs)..
>
> It includes the prctl.h header and uses the PR_SET_DUMPABLE syscall. This
> patch has been some time in production for 0.9.5, but i can not imagine why
> this should not work for 1.2.
>
> Perhaps it is sensible to disable this by default for security reasons?
>
> Regards,
>
> Henning
>
> ------------------------------------------------------------------------
>
> diff -U 3 -dHrN sip-server/daemonize.c openser-cvs/daemonize.c
> --- sip-server/daemonize.c 2005-06-13 18:47:26.000000000 +0200
> +++ openser-cvs/daemonize.c 2007-02-19 17:16:38.000000000 +0100
> @@ -49,6 +49,8 @@
> #include <sys/resource.h> /* setrlimit */
> #include <unistd.h>
>
> +#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
> +
> #include "daemonize.h"
> #include "globals.h"
> #include "dprint.h"
> @@ -217,6 +219,12 @@
> goto error;
> }
> }
> +
> + // setuid disables core dumping, reenable it
> + if (prctl(PR_SET_DUMPABLE, 1)) {
> + LOG(L_ERR, "Cannot enable core dumping after setuid\n");
> + }
> +
> return 0;
> error:
> return -1;
> diff -U 3 -dHrN sip-server/main.c openser-cvs/main.c
> --- sip-server/main.c 2007-02-14 08:23:16.000000000 +0100
> +++ openser-cvs/main.c 2007-02-19 17:13:33.000000000 +0100
> @@ -83,6 +83,7 @@
> #include <pwd.h>
> #include <grp.h>
> #include <signal.h>
> +#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
> #include <time.h>
>
> #include <sys/ioctl.h>
> @@ -675,11 +676,17 @@
> LOG(L_ERR, "Error while creating unix domain sockets\n");
> goto error;
> }
> +
> if (do_suid()==-1) goto error; /* try to drop privileges */
> /* process_no now initialized to zero -- increase from now on
> as new processes are forked (while skipping 0 reserved for main
> */
>
> + // setuid disables core dumping, reenable it
> + if (prctl(PR_SET_DUMPABLE, 1)) {
> + LOG(L_ERR, "Cannot enable core dumping after setuid\n");
> + }
> +
> /* we need another process to act as the timer*/
> #ifdef USE_TCP
> /* if we are using tcp we always need a timer process,
> @@ -800,6 +807,11 @@
> * so we open all first*/
> if (do_suid()==-1) goto error; /* try to drop privileges */
>
> + // setuid disables core dumping, reenable it
> + if (prctl(PR_SET_DUMPABLE, 1)) {
> + LOG(L_ERR, "Cannot enable core dumping after setuid\n");
> + }
> +
> /* Spawn children listening on unix domain socket if and only if
> * the unix domain socket server has not been disabled (i == 0) */
> if (init_unixsock_children()<0) {
>
More information about the Devel
mailing list