[Devel] openser core dump functionality

Bogdan-Andrei Iancu bogdan at voice-system.ro
Mon Feb 19 18:18:58 CET 2007


Hi Henning,

according to man page, prctl is linux specific (or at least is not 
something portable); on the other hand, also according to man, 
disabling the coredump after setuid is also something linux specific :)

so, all this code should be compiled only for linux OS ... I will take 
care of this.

Thanks and regards,
Bogdan

Henning Westerholt wrote:
> On Monday, 19 February 2007 16:33 you wrote:
>   
>> Hi Henning,
>>
>> suuuuree.....I personally had some hard times when I wasn't getting the
>> core after a crash...
>>     
>
> Ok, great! :-)
>
> Here's the patch (against cvs)..
>
> It includes the prctl.h header and uses the PR_SET_DUMPABLE syscall. This 
> patch has been some time in production for 0.9.5, but I cannot imagine why 
> this should not work for 1.2. 
>
> Perhaps it is sensible to disable this by default for security reasons?
>
> Regards,
>
> Henning
>   
> ------------------------------------------------------------------------
>
> diff -U 3 -dHrN sip-server/daemonize.c openser-cvs/daemonize.c
> --- sip-server/daemonize.c	2005-06-13 18:47:26.000000000 +0200
> +++ openser-cvs/daemonize.c	2007-02-19 17:16:38.000000000 +0100
> @@ -49,6 +49,8 @@
>  #include <sys/resource.h> /* setrlimit */
>  #include <unistd.h>
>  
> +#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
> +
>  #include "daemonize.h"
>  #include "globals.h"
>  #include "dprint.h"
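Review bot: the added `#include <sys/prctl.h>` in daemonize.c is unconditional, and that header is Linux-only, so the file stops compiling on other platforms. Wrap the include in `#ifdef __linux__` and put the prctl() call later in this file under the same guard.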
> @@ -217,6 +219,12 @@
>  			goto error;
>  		}
>  	}
> +
> +	// setuid disables core dumping, reenable it
> +	if (prctl(PR_SET_DUMPABLE, 1)) {
> +		LOG(L_ERR, "Cannot enable core dumping after setuid\n");
> +	}
> +
>  	return 0;
>  error:
>  	return -1;
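Review bot: the prctl() call added before `return 0;` runs unconditionally, so every installation gets core dumps re-enabled after the uid change, including those that do not want process memory written to disk under the unprivileged account. Put it behind a configuration switch that defaults to off, as the cover mail itself suggests. Smaller points: the LOG message should include strerror(errno) so a failure can be diagnosed, and the `//` comment should be `/* */` to match the comment style of the surrounding context lines.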
> diff -U 3 -dHrN sip-server/main.c openser-cvs/main.c
> --- sip-server/main.c	2007-02-14 08:23:16.000000000 +0100
> +++ openser-cvs/main.c	2007-02-19 17:13:33.000000000 +0100
> @@ -83,6 +83,7 @@
>  #include <pwd.h>
>  #include <grp.h>
>  #include <signal.h>
> +#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
>  #include <time.h>
>  
>  #include <sys/ioctl.h>
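Review bot: `#include <sys/prctl.h>` in main.c needs an `#ifdef __linux__` guard, since the header does not exist on other platforms; the prctl() call sites in this file need the same guard. The trailing comment on the include line describes the call sites rather than the header and can be dropped here.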
> @@ -675,11 +676,17 @@
>  			LOG(L_ERR, "Error while creating unix domain sockets\n");
>  			goto error;
>  		}
> +
>  		if (do_suid()==-1) goto error; /* try to drop privileges */
>  		/* process_no now initialized to zero -- increase from now on
>  		   as new processes are forked (while skipping 0 reserved for main 
>  		*/
>  
> +		//  setuid disables core dumping, reenable it
> +		if (prctl(PR_SET_DUMPABLE, 1)) {
> +			LOG(L_ERR, "Cannot enable core dumping after setuid\n");
> +		}
> +
>  		/* we need another process to act as the timer*/
>  #ifdef USE_TCP
>  		/* if we are using tcp we always need a timer process,
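Review bot: the prctl() block is placed after the `process_no` comment instead of directly under the `do_suid()` line it depends on, which separates the privilege drop from its follow-up and splits that comment from whatever it introduces. Move the block up to sit immediately after `if (do_suid()==-1) goto error;`. The blank line added above `do_suid()` is an unrelated whitespace change and should be left out of the patch.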
> @@ -800,6 +807,11 @@
>  			 * so we open all first*/
>  		if (do_suid()==-1) goto error; /* try to drop privileges */
>  
> +    		// setuid disables core dumping, reenable it
> +    		if (prctl(PR_SET_DUMPABLE, 1)) {
> +      			LOG(L_ERR, "Cannot enable core dumping after setuid\n");
> +    		}
> +
>  		/* Spawn children listening on unix domain socket if and only if
>  		 * the unix domain socket server has not been disabled (i == 0) */
>  		if (init_unixsock_children()<0) {
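Review bot: this is the third copy of the same four lines, and here it is indented with a mix of spaces and tabs while the context lines use tabs only. Move the call into one helper (or to the end of do_suid() itself) so the call sites cannot drift apart; if the daemonize.c hunk already sits at the end of do_suid(), the copies in main.c are redundant and can go.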
>   
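An added example, not part of the original thread or of OpenSER's code: one way to combine the two points raised above, the Linux-only guard and the off-by-default switch. The function names and the `allow_core` parameter are hypothetical.

```c
/* Added example; restore_dumpable(), clear_dumpable() and allow_core are
 * hypothetical names, not OpenSER identifiers. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Call after privileges have been dropped.
 * allow_core: operator opt-in; 0 leaves the kernel's choice untouched.
 * Returns the dumpable flag as read back (0 or 1), or -1 on error or on
 * a platform without prctl(). */
int restore_dumpable(int allow_core)
{
#ifdef __linux__
	if (allow_core && prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) {
		fprintf(stderr, "PR_SET_DUMPABLE: %s\n", strerror(errno));
		return -1;
	}
	/* Read the flag back rather than assuming the call took effect. */
	return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
#else
	(void)allow_core;
	return -1;
#endif
}

/* Stand-in for the state a uid change leaves behind, so the example runs
 * without root: clears the flag directly. */
int clear_dumpable(void)
{
#ifdef __linux__
	return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
#else
	return -1;
#endif
}

int main(void)
{
	clear_dumpable();
	printf("opt-out: dumpable=%d\n", restore_dumpable(0));
	printf("opt-in:  dumpable=%d\n", restore_dumpable(1));
	return 0;
}
```

The flag only permits a dump; a core file is still written only when `RLIMIT_CORE` is non-zero.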



